[Secure-testing-commits] r23376 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Wed Aug 21 16:48:59 UTC 2013
Author: carnil
Date: 2013-08-21 16:48:59 +0000 (Wed, 21 Aug 2013)
New Revision: 23376
Modified:
data/CVE/list
Log:
add entry for CVE-2013-1437 with note; by design Module::Metadata evaluates code, but documentation stated that metadata information about the module is gathered without executing unsafe code
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-21 16:38:08 UTC (rev 23375)
+++ data/CVE/list 2013-08-21 16:48:59 UTC (rev 23376)
@@ -9973,8 +9973,13 @@
RESERVED
CVE-2013-1438
RESERVED
-CVE-2013-1437
+CVE-2013-1437 [Code execution when gathering version metadata]
RESERVED
+ - perl <unfixed>
+ - libmodule-metadata-perl <unfixed>
+ NOTE: this is by 'design', but previous to version Module::Metadata 1.000015
+ NOTE: the statement whas This module provides a standard way to gather metadata
+ NOTE: about a .pm file *without* executing unsafe code.
CVE-2013-1436 [code injection]
RESERVED
- xmonad-contrib 0.11.2-1 (low)
More information about the Secure-testing-commits
mailing list