Re: [Secure-testing-commits] r9475 - data/CVE

To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: debian-security-tracker@lists.debian.org, thomasbl-guest@alioth.debian.org
Subject: Re: [Secure-testing-commits] r9475 - data/CVE
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 31 Jul 2008 22:47:45 +0200
Message-id: <[🔎] 20080731204745.GA28874@inutil.org>
In-reply-to: <[🔎] 200807311822.01663.steffen.joeris@skolelinux.de>
References: <E1KOTFD-0002e0-Vl@alioth.debian.org> <[🔎] 200807311822.01663.steffen.joeris@skolelinux.de>

Steffen Joeris wrote:
> On Thu, 31 Jul 2008 06:10:43 pm thomasbl-guest@alioth.debian.org wrote:
> > Author: thomasbl-guest
> > Date: 2008-07-31 08:10:42 +0000 (Thu, 31 Jul 2008)
> > New Revision: 9475
> >
> > Modified:
> >    data/CVE/list
> > Log:
> > CVE-2008-3312 done
> >
> >
> >
> > Modified: data/CVE/list
> > ===================================================================
> > --- data/CVE/list	2008-07-31 06:46:05 UTC (rev 9474)
> > +++ data/CVE/list	2008-07-31 08:10:42 UTC (rev 9475)
> > @@ -83,7 +83,7 @@
> >  CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in
> > CreaCMS 1.0 ...) NOT-FOR-US: CreaCMS
> >  CVE-2008-3312 (Directory traversal vulnerability in ...)
> > -	TODO: check FCKeditor code and versions
> > +	- fckeditor <not-affected> (Vulnerable code not present)
> Does that mean all the various applications that include fckeditor code (and 
> also older versions of this code) are not affected as well?

It also misses a NOTE or a bug reference indicating why Debian should
not be affected.

Cheers,
        Moritz

Reply to:

References:
- Re: [Secure-testing-commits] r9475 - data/CVE
  - From: Steffen Joeris <steffen.joeris@skolelinux.de>

Prev by Date: Re: [Secure-testing-commits] r9475 - data/CVE
Previous by thread: Re: [Secure-testing-commits] r9475 - data/CVE
Index(es):
- Date
- Thread