nion at alioth.debian.org
2008-Oct-14 10:42 UTC
[Secure-testing-commits] r10076 - data/CVE
Author: nion
Date: 2008-10-14 10:41:58 +0000 (Tue, 14 Oct 2008)
New Revision: 10076
Modified:
data/CVE/list
Log:
update on drupal session cookie issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-14 00:40:54 UTC (rev 10075)
+++ data/CVE/list 2008-10-14 10:41:58 UTC (rev 10076)
@@ -2191,6 +2191,8 @@
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for
the ...)
- drupal5 <unfixed> (low; bug #501063)
- drupal6 <unfixed> (low; bug #501058)
+ NOTE: drupal upstreams advise the users to set session.cookie_secure in the
php configuration
+ NOTE: this should be sufficient but documented in README.Debian to fix this
bug
CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a
...)
{DSA-1647-1}
- php5 5.2.6-4 (medium)