[Secure-testing-team] GForge: CVE-2007-4966 and CVE-2007-3913
Roland Mas
lolando at debian.org
Tue Oct 2 12:12:02 UTC 2007
Thijs Kinkhorst, 2007-10-02 13:42:58 +0200 :
> Hi,
>
> CVE-2007-4966 has been marked as a duplicate of CVE-2007-3913 in the
> tracker, and I think rightly so.
Correct.
> Has anyone tried to "exploit" of 4966 on a fixed version of Gforge
> just to be sure?
Since the behaviour described is the very same as the one in 3913, I
guess testing for the latter also implies testing for the former. So,
yes.
> Has anyone contacted Mitre about this duplication?
I haven't.
Roland.
--
Roland Mas
Time is a drug. Too much of it kills you.
-- in Small Gods (Terry Pratchett)
More information about the Secure-testing-team
mailing list