thijs at alioth.debian.org
2008-Jun-15 12:11 UTC
[Secure-testing-commits] r9072 - data/CVE
Author: thijs Date: 2008-06-15 12:11:53 +0000 (Sun, 15 Jun 2008) New Revision: 9072 Modified: data/CVE/list Log: update plone issues after upstream input. They are low since they only occur when not following so-called best practices. One is fixed in 3.1.x, one does not apply to 3.x, others unfixed but upstream doesn''t seem interested to fix them. Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-15 11:45:16 UTC (rev 9071) +++ data/CVE/list 2008-06-15 12:11:53 UTC (rev 9072) @@ -2861,13 +2861,14 @@ CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...) NOT-FOR-US: Check Point VPN CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...) - - plone3 <unfixed> (bug #473571) + - plone3 <unfixed> (low; bug #473571) CVE-2008-1395 (Plone CMS does not record users'' authentication states, and implements ...) - - plone3 <unfixed> (bug #473571) + - plone3 <unfixed> (low; bug #473571) CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...) - - plone3 <unfixed> (bug #473571) + - zope-cmfplone <removed> + NOTE: doesn''t apply to v3 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...) - - plone3 <unfixed> (bug #473571) + - plone3 3.1.1-1 (low; bug #473571) CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) - vmware-package <unfixed> (low; bug #486177) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself