info on old jquery issue

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@21876 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Michael Gilbert <mgilbert@debian.org> 2013-04-07 23:56:44 +0000
committer: Michael Gilbert <mgilbert@debian.org> 2013-04-07 23:56:44 +0000
commit: eb663521b0dbec05aef5cceecd9a1f79a82bfc0d (patch)
tree: cb222a7c6678b937cfcafe38e3f8593dd7f9c85c /data/CVE/2007.list
parent: a42096be1171ca8e4b2512a85e4fd2d217e223a0 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 120c29eabf..2670d6eb6b 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -10455,7 +10455,8 @@ CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Not
 CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
 	NOT-FOR-US: Microsoft Atlas
 CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
-	- jquery <undetermined> (low)
+	- jquery <unfixed> (unimportant)
+        NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications.  there really isn't anything to fix in the library itself.
 	NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
 CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
 	- gwt <unfixed> (unimportant; bug #563542)
author	Michael Gilbert <mgilbert@debian.org>	2013-04-07 23:56:44 +0000
committer	Michael Gilbert <mgilbert@debian.org>	2013-04-07 23:56:44 +0000
commit	eb663521b0dbec05aef5cceecd9a1f79a82bfc0d (patch)
tree	cb222a7c6678b937cfcafe38e3f8593dd7f9c85c /data/CVE/2007.list
parent	a42096be1171ca8e4b2512a85e4fd2d217e223a0 (diff)