jmm-guest at alioth.debian.org
2008-Aug-24 21:13 UTC
[Secure-testing-commits] r9639 - data/CVE
Author: jmm-guest
Date: 2008-08-24 21:13:49 +0000 (Sun, 24 Aug 2008)
New Revision: 9639
Modified:
data/CVE/list
Log:
non-issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-08-24 21:10:13 UTC (rev 9638)
+++ data/CVE/list 2008-08-24 21:13:49 UTC (rev 9639)
@@ -161,7 +161,10 @@
CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real
...)
NOT-FOR-US: Oracle
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
- - amarok 1.4.10-1 (low; bug #494765)
+ - amarok 1.4.10-1 (unimportant; bug #494765)
+ NOTE: The code in question doesn''t dereference the symlink,
tested with Etch
+ NOTE: and Lenny. Given that it only takes a minute to test this,
it''s surprising
+ NOTE: that at least one vendor issued an advisory and upstream pushed a
new release...
CVE-2008-3740 [drupal XSS]
RESERVED
{DTSA-156-1}