[Secure-testing-commits] r23263 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Fri Aug 9 08:17:21 UTC 2013
Author: carnil
Date: 2013-08-09 08:17:20 +0000 (Fri, 09 Aug 2013)
New Revision: 23263
Modified:
data/CVE/list
Log:
add note for CVE-2013-0183, code seems affected but got a refactoring in 1.3.0
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-09 07:30:32 UTC (rev 23262)
+++ data/CVE/list 2013-08-09 08:17:20 UTC (rev 23263)
@@ -13068,7 +13068,9 @@
CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...)
- ruby-rack 1.4.1-2.1 (bug #698440)
- librack-ruby <removed>
- TODO: check, only affeted 1.3.x and 1.4.x versions?
+ NOTE: commit 24d512531bd88f2d6ce94b3a3d9798fde8fbb713 refactored the multipart module
+ NOTE: and introduced the fast_forward_to_first_boundry function.
+ NOTE: https://github.com/rack/rack/commit/24d512531bd88f2d6ce94b3a3d9798fde8fbb713
CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
NOT-FOR-US: Drupal module Payment
CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API ...)
More information about the Secure-testing-commits
mailing list