Author: gilbert-guest Date: 2009-10-23 16:10:30 +0000 (Fri, 23 Oct 2009) New Revision: 13078 Modified: data/CVE/list Log: mahara maintainer sent an email stating that versions <1.1 are not affected by cve-2009-2171 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-23 15:58:44 UTC (rev 13077) +++ data/CVE/list 2009-10-23 16:10:30 UTC (rev 13078) @@ -4943,7 +4943,7 @@ - mahara 1.1.5-1 (low) CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...) - mahara 1.1.5-1 (low) - [lenny] - mahara <no-dsa> (Minor issue) + [lenny] - mahara <not-affected> (vulnerable code introduced in 1.1) CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...) NOT-FOR-US: TekBase CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface ...)