Author: nion Date: 2008-08-08 10:15:15 +0000 (Fri, 08 Aug 2008) New Revision: 9539 Modified: data/CVE/list Log: drupal-4.7 has been removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-08-08 10:09:44 UTC (rev 9538) +++ data/CVE/list 2008-08-08 10:15:15 UTC (rev 9539) @@ -792,8 +792,7 @@ - drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0) CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...) - drupal5 5.8-1 (low; bug #490559) - - drupal-4.7 <unfixed> (low) - TODO: report drupal-4.7 bug (see modules/filter.module line 1113, object is returned as valid) + - drupal-4.7 <removed> CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before ...) - drupal5 5.8-1 (low; bug #490559) - drupal-4.7 <not-affected> (Vulnerable code not present) @@ -803,9 +802,7 @@ - drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0) CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...) - drupal5 5.9-1 (low; bug #490559) - - drupal-4.7 <unfixed> (low) - TODO: report drupal-4.7 bug (see modules/user.module line 964, sess_regenerate() needs to be called) - NOTE: before login action + - drupal-4.7 <removed> CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...) - drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0) - drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)