[Secure-testing-team] [Secure-testing-commits] r6337 - data/CVE
Moritz Muehlenhoff
jmm at inutil.org
Thu Aug 16 20:53:06 UTC 2007
Nico Golde wrote:
> > CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
> > - - sql-ledger <unfixed> (bug #409703)
> > + - sql-ledger <unfixed> (bug #409703; medium)
> > [etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
> > NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
> > NOTE: is not secure with untrusted users.
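Review bot: The "medium" urgency added on the `+` line has no NOTE recording why that rating was chosen, while the unchanged [etch] line directly below marks the same issue <no-dsa> with "Should only be used with trusted users". Consider adding a NOTE line with the rationale for the rating so the two entries for sql-ledger do not read as contradictory.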
>
> Just wanted to comment on this, noting the bug in README.Debian
> does not fix it and doesn't help users who don't read the
> file, just if someone wonders why I didn't set low :)

Please use debian-security-tracker at lists.debian.org for tracker
relevant discussion. CCing.

It's certainly _not_ a medium issue, as it's completely beyond
what is supported for this package.

If you want more reliable ways to inform users than README.Debian.security
then please help work on #436161.

Cheers,
Moritz