[Secure-testing-commits] r23318 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Aug 14 21:30:14 UTC 2013


Author: jmm
Date: 2013-08-14 21:30:14 +0000 (Wed, 14 Aug 2013)
New Revision: 23318

Modified:
   data/CVE/list
Log:
cakephp not-affected
lcms1 no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-14 21:28:59 UTC (rev 23317)
+++ data/CVE/list	2013-08-14 21:30:14 UTC (rev 23318)
@@ -17,8 +17,7 @@
 CVE-2013-5111
 	RESERVED
 CVE-2013-XXXX [cakephp: local file inclusion]
-	- cakephp <unfixed>
-	TODO: check
+	- cakephp <not-affected> (AssetDispatcher not present in 1.3)
 	NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
 	NOTE: http://seclists.org/bugtraq/2013/Aug/97
 CVE-2013-XXXX [django Cross-site scripting (XSS) in admin interface]
@@ -178,7 +177,9 @@
 CVE-2013-5035
 	RESERVED
 CVE-2013-XXXX [liblcms1 buffer overflows]
-	- lcms <unfixed> (bug #718682)
+	- lcms <unfixed> (low; bug #718682)
+	[squeeze] - lcms <no-dsa> (Minor issue)
+	[wheezy] - lcms <no-dsa> (Minor issue)
 	- lcms2 <not-affected> (Vulnerable code not present)
 CVE-2013-5034
 	RESERVED




More information about the Secure-testing-commits mailing list