thr3ads.net - Secure testing commits - [Secure-testing-commits] r10953

If this information is useful, please help other people find it:
Share via:

thijs at alioth.debian.org

2009-Jan-14 13:01 UTC

[Secure-testing-commits] r10953 - data/CVE

Author: thijs
Date: 2009-01-14 13:01:07 +0000 (Wed, 14 Jan 2009)
New Revision: 10953

Modified:
   data/CVE/list
Log:
plone cookie issie no-dsa; it''s a good security enhancement bug it
cannot
be exploited without other vectors in itself


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-01-14 08:13:43 UTC (rev 10952)
+++ data/CVE/list	2009-01-14 13:01:07 UTC (rev 10953)
@@ -10973,7 +10973,9 @@
 	[lenny] - plone3 <no-dsa> (Only an issue if not following best
practices, see bug #473571)
 CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username
and ...)
 	- zope-cmfplone <removed>
+	[etch] - zope-cmfplone <no-dsa> (low)
 	NOTE: doesn''t apply to v3
+	NOTE: more a security enhancement
 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a
base64 ...)
 	- plone3 <unfixed> (low; bug #473571)
 	[lenny] - plone3 <no-dsa> (Only an issue if not following best
practices, see bug #473571)

Secure testing commits - Jan 2009 - r10953 - data/CVE

[Secure-testing-commits] r10953 - data/CVE