[Secure-testing-commits] r18000 - data/CVE
Luk Claes
luk at alioth.debian.org
Mon Jan 2 23:09:29 UTC 2012
Author: luk
Date: 2012-01-02 23:09:28 +0000 (Mon, 02 Jan 2012)
New Revision: 18000
Modified:
data/CVE/list
Log:
rails issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-02 20:02:40 UTC (rev 17999)
+++ data/CVE/list 2012-01-02 23:09:28 UTC (rev 18000)
@@ -5771,8 +5771,7 @@
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2
CVE-2011-3187 (The to_s method in ...)
- - rails <undetermined>
- NOTE: 3.x only?
+ - rails <unfixed> (unimportant)
CVE-2011-3186 (CRLF injection vulnerability in ...)
{DSA-2301-1}
- rails 2.3.14
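Review bot: The CVE-2011-3187 entry drops the open question "NOTE: 3.x only?" without recording an answer, and the new unfixed status with the "(unimportant)" qualifier gives no reason for that rating. If the issue only affects 3.x, the entry would read better the way CVE-2011-2929 is handled in this same commit, as not-affected with the reason in parentheses. Otherwise, keep a NOTE line stating why the issue is considered unimportant so the triage can be checked later.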
@@ -6518,7 +6517,8 @@
CVE-2011-2933
RESERVED
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
- - rails <undetermined>
+ - rails 2.3.14
+ [squeeze] - rails <not-affected> (Vulnerable code not present)
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
{DSA-2301-1}
- rails 2.3.14
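Review bot: The CVE-2011-2932 entry now claims a fix in 2.3.14 and marks squeeze as not affected, but neither added line records where that was verified. The adjacent rails entries fixed in 2.3.14 carry a {DSA-2301-1} tag and this one has none, so a NOTE line pointing at the upstream change would let others confirm both the fixed version and the "Vulnerable code not present" claim for squeeze.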
@@ -6526,7 +6526,7 @@
{DSA-2301-1}
- rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
- - rails <undetermined>
+ - rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2