thijs at alioth.debian.org
2008-Sep-04 06:52 UTC
[Secure-testing-commits] r9740 - data/CVE
Author: thijs
Date: 2008-09-04 06:52:39 +0000 (Thu, 04 Sep 2008)
New Revision: 9740
Modified: data/CVE/list
Log: cgiwrap is actually affected, the cross site scripting only works on Windows browsers, but will probably work with our installation of cgiwrap as I understand it. Still, it's quite a minor issue and the fix isn't a real fix. I'll ask to have it removed from testing/unstable.

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-03 23:36:27 UTC (rev 9739) +++ data/CVE/list 2008-09-04 06:52:39 UTC (rev 9740) @@ -2412,7 +2412,12 @@ CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...) NOT-FOR-US: Easy Webstore CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...) - - cgiwrap <not-affected> (Windows specific issue) + - cgiwrap <unfixed> (low; bug #497761) + [etch] - cgiwrap <no-dsa> (Minor issue) + NOTE: only applies to certain character sets and only works with + NOTE: browsers. There isn''t a good solution available, the patch uses + NOTE: a compile-time charset specification. All in all not a real + NOTE: priority to fix in etch. CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...) NOT-FOR-US: OFF System CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...)
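Review bot: the first two NOTE lines of the CVE-2008-2852 entry read "only works with" followed by "browsers", so the qualifier seems to have been dropped. The log message says the cross site scripting only works on Windows browsers, and with the old "(Windows specific issue)" annotation removed, that detail no longer appears anywhere in the entry; suggest restoring it in the NOTE. The NOTE also refers to "certain character sets" without naming them, so someone triaging later has to go to bug #497761 to learn which ones are affected; naming them, or saying that the bug has the details, would make the entry self-contained. Finally, the log says removal from testing/unstable will be requested, but the entry does not record that, so the unfixed status may look like an oversight later; a short NOTE to that effect would help.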