jmm-guest at alioth.debian.org
2008-Oct-05 09:40 UTC
[Secure-testing-commits] r9999 - data/CVE
Author: jmm-guest Date: 2008-10-05 09:40:53 +0000 (Sun, 05 Oct 2008) New Revision: 9999 Modified: data/CVE/list Log: sql-ledger not fully supported Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-05 09:30:36 UTC (rev 9998) +++ data/CVE/list 2008-10-05 09:40:53 UTC (rev 9999) @@ -26371,7 +26371,9 @@ CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...) NOT-FOR-US: Sun Solaris. CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...) - - sql-ledger <unfixed> (bug #409703; medium) + - sql-ledger <unfixed> (bug #409703; unimportant) + NOTE: It''s documented behaviour that SQL-Ledger should only be run in an + NOTE: authenticated HTTP zone and without untrusted users [etch] - sql-ledger <no-dsa> (Should only be used with trusted users) NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger NOTE: is not secure with untrusted users.