diff options
author | Thijs Kinkhorst <thijs@debian.org> | 2008-06-15 12:11:53 +0000 |
---|---|---|
committer | Thijs Kinkhorst <thijs@debian.org> | 2008-06-15 12:11:53 +0000 |
commit | d95af0d666604b01e731e69174d30fdeec9f80cc (patch) | |
tree | b3579660a0a97dbd4017ed9cb159202cc28fc8c7 /data | |
parent | bcbd6cb86571ce1f84e880abb1d4d491eeeeaceb (diff) |
update plone issues after upstream input. They are low since they only
occur when not following so-called best practices. One is fixed in 3.1.x,
one does not apply to 3.x, others unfixed but upstream doesn't seem
interested to fix them.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9072 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index 89f2f2fd08..1e69e0f24f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2861,13 +2861,14 @@ CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...) NOT-FOR-US: Check Point VPN CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...) - - plone3 <unfixed> (bug #473571) + - plone3 <unfixed> (low; bug #473571) CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...) - - plone3 <unfixed> (bug #473571) + - plone3 <unfixed> (low; bug #473571) CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...) - - plone3 <unfixed> (bug #473571) + - zope-cmfplone <removed> + NOTE: doesn't apply to v3 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...) - - plone3 <unfixed> (bug #473571) + - plone3 3.1.1-1 (low; bug #473571) CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) - vmware-package <unfixed> (low; bug #486177) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself |