[Secure-testing-commits] r23345 - data/CVE

[Henri Salo]

Author: fgeek-guest
Date: 2013-08-17 07:09:36 +0000 (Sat, 17 Aug 2013)
New Revision: 23345

Modified:
   data/CVE/list
Log:
update CVE-2011-3923, marking CVE-2013-3587 as TODO, which is about BREACH

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-17 06:38:58 UTC (rev 23344)
+++ data/CVE/list	2013-08-17 07:09:36 UTC (rev 23345)
@@ -3953,7 +3953,7 @@
 CVE-2013-3588
 	RESERVED
 CVE-2013-3587
-	RESERVED
+    TODO: check
 CVE-2013-3586
 	RESERVED
 CVE-2013-3585
@@ -33925,6 +33925,11 @@
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2011-3923
 	RESERVED
+	- libstruts1.2-java <unfixed>
+	- libspring-2.5-java <unfixed>
+	TODO: check
+	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-009
+	NOTE: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
 CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...)
 	- chromium-browser 16.0.912.75~r116452-1
 	[squeeze] - chromium-browser <end-of-life>