[Secure-testing-commits] r10953 - data/CVE

thijs Wed, 14 Jan 2009 05:01:16 -0800

Author: thijs
Date: 2009-01-14 13:01:07 +0000 (Wed, 14 Jan 2009)
New Revision: 10953


Modified:
   data/CVE/list
Log:
plone cookie issie no-dsa; it's a good security enhancement bug it cannot
be exploited without other vectors in itself


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-14 08:13:43 UTC (rev 10952)
+++ data/CVE/list       2009-01-14 13:01:07 UTC (rev 10953)
@@ -10973,7 +10973,9 @@
        [lenny] - plone3 <no-dsa> (Only an issue if not following best 
practices, see bug #473571)
 CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username 
and ...)
        - zope-cmfplone <removed>
+       [etch] - zope-cmfplone <no-dsa> (low)
        NOTE: doesn't apply to v3
+       NOTE: more a security enhancement
 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a 
base64 ...)
        - plone3 <unfixed> (low; bug #473571)
        [lenny] - plone3 <no-dsa> (Only an issue if not following best 
practices, see bug #473571)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r10953 - data/CVE

Reply via email to