[Secure-testing-commits] r23392 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Thu Aug 22 07:26:54 UTC 2013
Author: carnil
Date: 2013-08-22 07:26:54 +0000 (Thu, 22 Aug 2013)
New Revision: 23392
Modified:
data/CVE/list
Log:
add CVE-2013-4701, part (final) of external check, but unchecked, might also affect packages embedding php-openid if used
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-22 07:22:21 UTC (rev 23391)
+++ data/CVE/list 2013-08-22 07:26:54 UTC (rev 23392)
@@ -1418,8 +1418,10 @@
RESERVED
CVE-2013-4702
RESERVED
-CVE-2013-4701
+CVE-2013-4701 [XML External Entity issue allows for reading arbitrary files or excessive resource consumption]
RESERVED
+ - php-openid <unfixed>
+ TODO: check, potentially also simplesamlphp, typo3-src and wordpress-openid (including a Auth/Yadis/XML.php in source)
CVE-2013-4700
RESERVED
CVE-2013-4699
More information about the Secure-testing-commits
mailing list