Author: luk
Date: 2012-01-02 23:09:28 +0000 (Mon, 02 Jan 2012)
New Revision: 18000
Modified:
data/CVE/list
Log:
rails issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-01-02 20:02:40 UTC (rev 17999)
+++ data/CVE/list 2012-01-02 23:09:28 UTC (rev 18000)
@@ -5771,8 +5771,7 @@
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2
CVE-2011-3187 (The to_s method in ...)
- - rails <undetermined>
- NOTE: 3.x only?
+ - rails <unfixed> (unimportant)
CVE-2011-3186 (CRLF injection vulnerability in ...)
{DSA-2301-1}
- rails 2.3.14
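Review bot: The CVE-2011-3187 entry drops the open question "NOTE: 3.x only?" without recording an answer. If the issue is limited to 3.x, "<not-affected>" with a reason, as this commit uses for CVE-2011-2929, would fit better than "<unfixed> (unimportant)". If 2.x is affected but the impact is negligible, add a NOTE line saying why it is rated unimportant so the triage decision can be checked later.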
@@ -6518,7 +6517,8 @@
CVE-2011-2933
RESERVED
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
- - rails <undetermined>
+ - rails 2.3.14
+ [squeeze] - rails <not-affected> (Vulnerable code not present)
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags
helper in ...)
{DSA-2301-1}
- rails 2.3.14
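Review bot: The CVE-2011-2932 entry now claims a fix in 2.3.14 and "[squeeze] - rails <not-affected> (Vulnerable code not present)", but no NOTE says which upstream change introduced or fixed the affected code. A NOTE line with that reference would let the squeeze claim be verified against the version shipped there, since this entry has no DSA reference like the neighbouring {DSA-2301-1} entries to point a reader at the fix.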
@@ -6526,7 +6526,7 @@
{DSA-2301-1}
- rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
- - rails <undetermined>
+ - rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2