On 20/05/13 14:58, Steven Chamberlain wrote: > CVE-2010-3205 in the Textpattern CMS was marked 'NOT-FOR-US', but > there is a package of the affected version 4.2.0 in oldstable: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3205 By the way, I can't confirm that the vulnerability assigned the CVE is legitimate. In fact it doesn't look to me that it could work. Regards, -- Steven Chamberlain steven@pyro.eu.org