[Secure-testing-commits] r18000 - data/CVE

Luk Claes luk at alioth.debian.org
Mon Jan 2 23:09:29 UTC 2012


Author: luk
Date: 2012-01-02 23:09:28 +0000 (Mon, 02 Jan 2012)
New Revision: 18000

Modified:
   data/CVE/list
Log:
rails issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-02 20:02:40 UTC (rev 17999)
+++ data/CVE/list	2012-01-02 23:09:28 UTC (rev 18000)
@@ -5771,8 +5771,7 @@
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-2
 CVE-2011-3187 (The to_s method in ...)
-	- rails <undetermined>
-	NOTE: 3.x only?
+	- rails <unfixed> (unimportant)
 CVE-2011-3186 (CRLF injection vulnerability in ...)
 	{DSA-2301-1}
 	- rails 2.3.14
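Review bot: the new `- rails <unfixed> (unimportant)` line for CVE-2011-3187 carries no rationale, and the removed `NOTE: 3.x only?` question is dropped rather than answered. Suggest keeping a NOTE line that says why the issue is rated unimportant and whether the packaged 2.x code contains the affected to_s method, so the triage can be re-checked later.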
@@ -6518,7 +6517,8 @@
 CVE-2011-2933
 	RESERVED
 CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
-	- rails <undetermined>
+	- rails 2.3.14
+	[squeeze] - rails <not-affected> (Vulnerable code not present)
 CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
 	{DSA-2301-1}
 	- rails 2.3.14    
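Review bot: the CVE-2011-2932 entry now records `- rails 2.3.14` with no reference for that fixed version, whereas the neighbouring CVE-2011-2931 entry ties the same version to {DSA-2301-1}. Suggest a NOTE pointing at the upstream fix, and naming in the `[squeeze]` line which code is absent, since "Vulnerable code not present" cannot be verified from the entry alone.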
@@ -6526,7 +6526,7 @@
 	{DSA-2301-1}
 	- rails 2.3.14    
 CVE-2011-2929 (The template selection functionality in ...)
-	- rails <undetermined>
+	- rails <not-affected> (Only affects RoR 3.0 and above)
 CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-2
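Review bot: the reason on the CVE-2011-2929 line, `<not-affected> (Only affects RoR 3.0 and above)`, holds only while the packaged rails stays below 3.0, and the entry gives no source for that version boundary. Suggest adding a NOTE with the upstream reference for the affected range so the status can be revisited if a 3.x upload happens.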



