Alec Berryman wrote:
> Author: alec-guest
> Date: 2006-05-20 22:59:58 +0000 (Sat, 20 May 2006)
> New Revision: 4017
>
> Modified:
> data/CVE/list
> Log:
> trac XSS issue fixed in unstable, not in sarge
>
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list 2006-05-20 22:54:05 UTC (rev 4016)
> +++ data/CVE/list 2006-05-20 22:59:58 UTC (rev 4017)
> @@ -817,7 +817,8 @@
> CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows
> remote ...)
> TODO: check
> CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software
> Trac ...)
> - TODO: check
> + - trac 0.9.5-1 (medium)
> + [sarge] - trac <unfixed> (medium)
You don't need to add <unfixed> entries for stable, if the version in Sarge
is lower then the fix recorded for Sarge, it will automatically be marked
as affected.
Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
