Author: hertzog Date: 2014-11-18 15:45:52 +0000 (Tue, 18 Nov 2014) New Revision: 30132
Modified: data/CVE/list data/dla-needed.txt Log: Add details about CVE-2014-4737/textpattern and put it in dla-needed.txt Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-11-18 15:45:42 UTC (rev 30131) +++ data/CVE/list 2014-11-18 15:45:52 UTC (rev 30132) @@ -9351,6 +9351,9 @@ NOT-FOR-US: FortiGuard FortiWeb CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before ...) - textpattern <removed> + NOTE: https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6 + NOTE: is likely the commit fixing the issue. But it does more than the + NOTE: strict minimum. CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote ...) NOT-FOR-US: E2 CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier ...) Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2014-11-18 15:45:42 UTC (rev 30131) +++ data/dla-needed.txt 2014-11-18 15:45:52 UTC (rev 30132) @@ -71,6 +71,10 @@ -- squid3 (Matt Palmer) -- +textpattern + NOTE: Has been dropped from newer releases. Should we instead mark + it unsupported? +-- tomcat6 (Holger Levsen and Tony Mancill) -- xlhtml _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits