Author: fw
Date: 2007-06-16 14:04:25 +0000 (Sat, 16 Jun 2007)
New Revision: 6019
Modified:
data/CVE/list
Log:
CVE-2007-2681: b2evolution non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-16 13:30:52 UTC (rev 6018)
+++ data/CVE/list 2007-06-16 14:04:25 UTC (rev 6019)
@@ -1255,7 +1255,10 @@
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS
X, as ...)
NOT-FOR-US: Adobe
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in
b2evolution ...)
- TODO: check
+ - b2evolution <unfixed> (unimportant)
+ NOTE: This is a register_globals=on issue.
+ NOTE: More than just blogs/index.php is affected (that file isn't
+ NOTE: installed by the Debian package).
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski
gallery ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
