[Secure-testing-commits] r22049 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sat Apr 27 06:35:49 UTC 2013
Author: thijs
Date: 2013-04-27 06:35:49 +0000 (Sat, 27 Apr 2013)
New Revision: 22049
Modified:
data/CVE/list
Log:
ruby-passenger not affected, nfu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-27 05:31:09 UTC (rev 22048)
+++ data/CVE/list 2013-04-27 06:35:49 UTC (rev 22049)
@@ -1,5 +1,5 @@
CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
NOT-FOR-US: Novell iManager
CVE-2013-3267
@@ -8263,7 +8263,8 @@
NOT-FOR-US: tuned (RH-specific powersaving tool)
CVE-2012-6135
RESERVED
- - ruby-passenger (low; bug #702219)
+ - ruby-passenger <not-affected> (Vulnerable code not present; bug #702219)
+ NOTE: 4.0.0 betas only
CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
NOT-FOR-US: ruby-omniauth, there was a sponsor request, but no ITP: http://osdir.com/ml/debian-mentors/2011-08/msg00662.html
CVE-2012-6133 [XSS flaws in ok and error messages]
More information about the Secure-testing-commits
mailing list