Author: jmm-guest Date: 2010-01-31 11:29:16 +0000 (Sun, 31 Jan 2010) New Revision: 13981 Modified: data/CVE/list Log: rails fixed spu update for status.pm xss Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-31 11:21:13 UTC (rev 13980) +++ data/CVE/list 2010-01-31 11:29:16 UTC (rev 13981) @@ -2267,7 +2267,7 @@ - mysql-dfsg-5.0 <removed> TODO: check CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...) - - rails <unfixed> (low; bug #558685) + - rails 2.2.3-2 (low; bug #558685) NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...) - rails <unfixed> (medium; bug #558685) @@ -12984,6 +12984,7 @@ CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...) - libapache2-mod-perl2 2.0.4-6 (low; bug #567635) [lenny] - libapache2-mod-perl2 <no-dsa> (Minor issue) + TODO: [lenny] - libapache2-mod-perl2 2.0.4-5+lenny1 - apache <removed> [etch] - apache <no-dsa> (minor issue) CVE-2009-0795