Author: white Date: 2010-11-17 08:55:25 +0000 (Wed, 17 Nov 2010) New Revision: 15596 Modified: data/CVE/list Log: mahara not vulnerable in any suite at the moment, just keep an eye out that 1.3.3 or higher is uploaded next to sid Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-17 08:33:41 UTC (rev 15595) +++ data/CVE/list 2010-11-17 08:55:25 UTC (rev 15596) @@ -829,6 +829,8 @@ RESERVED CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...) - mahara <unfixed> (low; bug #603749) + [lenny] - mahara <not-affected> (Vulnerable file not included) + TODO: File was introduced after 1.2.6, so check that next sid version is at least 1.3.3 or higher CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...) - php5 <unfixed> (bug #603751) CVE-2010-3869