update plone issues after upstream input. They are low since they only

occur when not following so-called best practices. One is fixed in 3.1.x,
one does not apply to 3.x, others unfixed but upstream doesn't seem
interested to fix them.


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9072 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 5 insertions, 4 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 89f2f2fd08..1e69e0f24f 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2861,13 +2861,14 @@ CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through
 CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...)
 	NOT-FOR-US: Check Point VPN
 CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...)
-	- plone3 <unfixed> (bug #473571)
+	- plone3 <unfixed> (low; bug #473571)
 CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
-	- plone3 <unfixed> (bug #473571)
+	- plone3 <unfixed> (low; bug #473571)
 CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
-	- plone3 <unfixed> (bug #473571)
+	- zope-cmfplone <removed>
+	NOTE: doesn't apply to v3
 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
-	- plone3 <unfixed> (bug #473571)
+	- plone3 3.1.1-1 (low; bug #473571)
 CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
 	- vmware-package <unfixed> (low; bug #486177)
 	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself