Author: thijs
Date: 2008-06-15 12:11:53 +0000 (Sun, 15 Jun 2008)
New Revision: 9072
Modified:
data/CVE/list
Log:
update plone issues after upstream input. They are low since they only
occur when not following so-called best practices. One is fixed in 3.1.x,
one does not apply to 3.x, others unfixed but upstream doesn't seem
interested to fix them.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-15 11:45:16 UTC (rev 9071)
+++ data/CVE/list 2008-06-15 12:11:53 UTC (rev 9072)
@@ -2861,13 +2861,14 @@
CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI
R55 ...)
NOT-FOR-US: Check Point VPN
CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a
server ...)
- - plone3 <unfixed> (bug #473571)
+ - plone3 <unfixed> (low; bug #473571)
CVE-2008-1395 (Plone CMS does not record users' authentication states, and
implements ...)
- - plone3 <unfixed> (bug #473571)
+ - plone3 <unfixed> (low; bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username
and ...)
- - plone3 <unfixed> (bug #473571)
+ - zope-cmfplone <removed>
+ NOTE: doesn't apply to v3
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a
base64 ...)
- - plone3 <unfixed> (bug #473571)
+ - plone3 3.1.1-1 (low; bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware
Player ...)
- vmware-package <unfixed> (low; bug #486177)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
