On Sat, Apr 02, 2011 at 12:31:28AM -0500, security curmudgeon wrote: > CVE-2008-1609 & CVE-2006-7128 > > same issue, 4.0 RC1 and RC2. really guys? at least check VDBs before you > publish. > > : Vulnerability ID: HTB22666 > > : Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response > > Did you check the vendor's page? > > This page last updated on : May 20, 2006 This is still listed in htbridge web-page. Sadly www.attrition.org/errata/ doesn't work anymore. They listed lots of similar announcements. https://www.htbridge.ch/advisory/rfi_in_jaf_cms.html http://webcache.googleusercontent.com/search?q=cache:bXCSV_g236EJ:attrition.org/errata/charlatan/htbridge/advisory_errata.html&hl=en&strip=1 - Henri Salo
