Author: white Date: 2009-12-24 12:04:13 +0000 (Thu, 24 Dec 2009) New Revision: 13642 Modified: data/CVE/list Log: One rails issue does not affect lenny, since the version does not include ''text'' in unverifiable_types Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-24 10:50:05 UTC (rev 13641) +++ data/CVE/list 2009-12-24 12:04:13 UTC (rev 13642) @@ -986,6 +986,7 @@ NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...) - rails <unfixed> (medium; bug #558685) + [lenny] - rails <not-affected> (Vulnerable code not present) NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...) NOT-FOR-US: Microsoft Internet Explorer 8