Author: thijs
Date: 2008-09-28 14:40:12 +0000 (Sun, 28 Sep 2008)
New Revision: 9893
Modified:
data/CVE/list
Log:
squirrelmail fixed & no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-28 08:49:20 UTC (rev 9892)
+++ data/CVE/list 2008-09-28 14:40:12 UTC (rev 9893)
@@ -1275,7 +1275,11 @@
NOT-FOR-US: XRMS
CVE-2008-3663 [Squirrelmail: Session hijacking vulnerability]
RESERVED
- - squirrelmail <unfixed> (bug #499942)
+ - squirrelmail 2:1.4.15-3 (low; bug #499942)
+ [etch] - squirrelmail <no-dsa> (less important and fix changes
behaviour)
+ NOTE: only relevant for installations that are also offered over http
+ NOTE: which isn't normally a good idea anyway. Fixing in stable will
+ NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the
secure ...)
- gallery 1.5.9-1
- gallery2 2.2.6-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
