[Secure-testing-team] [Secure-testing-commits] r6337 - data/CVE

Nico Golde nico at ngolde.de
Thu Aug 16 13:01:13 UTC 2007


Hi,
* nion at alioth.debian.org <nion at alioth.debian.org> [2007-08-16 14:55]:
[...] 
>  CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
> -	- sql-ledger <unfixed> (bug #409703)
> +	- sql-ledger <unfixed> (bug #409703; medium)
>  	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
>  	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
>  	NOTE: is not secure with untrusted users.
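Review bot: the `medium` urgency added on the `sql-ledger <unfixed>` line has no rationale recorded in the entry itself, and the NOTE lines below it mention only the README.Debian warning, which a later reader could take as a mitigation. Consider adding a NOTE line stating that the README.Debian note does not fix the issue, so the reason for not rating it low stays with the tracker data rather than only in the list archive.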

Just wanted to comment on this: noting the bug in README.Debian
does not fix it and doesn't help users who don't read the
file. Just in case someone wonders why I didn't set low :)
Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.