Author: nion Date: 2008-02-19 11:17:05 +0000 (Tue, 19 Feb 2008) New Revision: 8187 Modified: data/CVE/list Log: festival already got CVE-2007-4074, now fixed in 1.96~beta-6, did this fix got lost in the past? Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-19 11:03:00 UTC (rev 8186) +++ data/CVE/list 2008-02-19 11:17:05 UTC (rev 8187) @@ -56,9 +56,6 @@ - am-utils <not-affected> (Affected code not present in the binary package) NOTE: sendmail includes a copy of the script, which has been fixed since NOTE: several years -CVE-2008-XXXX [unauthenticated remote code execution in festival server] - - festival 1.96~beta-6 (medium; bug #466146) - NOTE: CVE id pending CVE-2008-0807 [missing access restriction to user contacts in turba] - turba2 2.1.7-1 (bug #464058) NOTE: CVE id pending @@ -9014,7 +9011,7 @@ CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...) NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...) - - festival 1.4.3-21 (bug #435445; low) + - festival 1.96~beta-6 (bug #435445; low) [etch] - festival <no-dsa> (Minor issue) CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...) NOT-FOR-US: Webbler CMS