[Secure-testing-commits] r20339 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sat Oct 13 13:12:15 UTC 2012
Author: thijs
Date: 2012-10-13 13:12:15 +0000 (Sat, 13 Oct 2012)
New Revision: 20339
Modified:
data/CVE/list
Log:
new ruby, libproxy issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-13 12:37:53 UTC (rev 20338)
+++ data/CVE/list 2012-10-13 13:12:15 UTC (rev 20339)
@@ -1,3 +1,6 @@
+CVE-2012-XXXX [ruby Unintentional file creation caused by inserting a illegal NUL character]
+ - ruby1.8 <unfixed>
+ - ruby1.9.1 <unfixed>
CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 ...)
TODO: check
CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows ...)
@@ -2277,7 +2280,7 @@
RESERVED
CVE-2012-4522
RESERVED
-CVE-2012-4521
+CVE-2012-4521 [rejected dupe assignment]
RESERVED
CVE-2012-4520
RESERVED
@@ -2321,8 +2324,11 @@
NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
CVE-2012-4505
RESERVED
+ - libproxy <unfixed>
CVE-2012-4504
RESERVED
+ - libproxy <not-affected> (Vulnerable code not present)
+ NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
CVE-2012-4503
RESERVED
CVE-2012-4502
More information about the Secure-testing-commits
mailing list