[Secure-testing-team] CVE-2006-3681 and CVE-2006-3682 mixed?
Helge Kreutzmann
debian at helgefjell.de
Mon Feb 19 18:58:52 UTC 2007
Hello,
I just checked out the SVN repository and checked also on the web page,
and I think those CVEs are mixed up. The path vulnerability is 3682,
while XSS is 3681. The first is clearly no problem, as the Debian
package is publicly visible (hence the path can be obtained), for the
second one assume that's been checked (as stated in the comment),
(i.e. covered in awstats (6.4-1sarge3))
I'll add them this way in the nonvuln list on debian.org.
Greetings
Helge
--
Dr. Helge Kreutzmann debian at helgefjell.de
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070219/5d033ad0/attachment.pgp
More information about the Secure-testing-team
mailing list