[Secure-testing-team] Re: [Secure-testing-commits] r4017 - data/CVE
Moritz Muehlenhoff
jmm at inutil.org
Sat May 27 19:19:31 UTC 2006
Alec Berryman wrote:
> Author: alec-guest
> Date: 2006-05-20 22:59:58 +0000 (Sat, 20 May 2006)
> New Revision: 4017
>
> Modified:
> data/CVE/list
> Log:
> trac XSS issue fixed in unstable, not in sarge
>
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list 2006-05-20 22:54:05 UTC (rev 4016)
> +++ data/CVE/list 2006-05-20 22:59:58 UTC (rev 4017)
> @@ -817,7 +817,8 @@
> CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...)
> TODO: check
> CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...)
> - TODO: check
> + - trac 0.9.5-1 (medium)
> + [sarge] - trac <unfixed> (medium)
You don't need to add <unfixed> entries for stable, if the version in Sarge
is lower then the fix recorded for Sarge, it will automatically be marked
as affected.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list