[Secure-testing-commits] r23425 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Sun Aug 25 10:10:17 UTC 2013
Author: carnil
Date: 2013-08-25 10:10:16 +0000 (Sun, 25 Aug 2013)
New Revision: 23425
Modified:
data/CVE/list
Log:
add more notes for CVE-2013-5587, needs to be investigated, as unclear; should already be covered by DSA-2760 and DSA-2761?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-25 09:34:42 UTC (rev 23424)
+++ data/CVE/list 2013-08-25 10:10:16 UTC (rev 23425)
@@ -1,8 +1,12 @@
CVE-2013-5587 [request-tracker: XSS]
- request-tracker3.8 <removed>
- request-tracker4 <unfixed> (low)
- [wheezy] - request-tracker4 <no-dsa> (Minor issue)
- TODO: check. split from CVE-2013-3371 due to different affected versions
+ NOTE: looks like CVE-2013-5587 is not fully correct
+ NOTE: patch for 3.8.17: https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17
+ NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
+ NOTE: should already be covered by DSA-2760 and DSA-2761.
+ NOTE: NVD mentions plit from CVE-2013-3371, due to different affected versions?
+ TODO: check
CVE-2013-5580 [denial of service (server crash)]
- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
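Review bot: The added "NOTE: should already be covered by DSA-2760 and DSA-2761." states as settled what the commit log still poses as a question, and it sits under the "request-tracker4 <unfixed> (low)" and "[wheezy] - request-tracker4 <no-dsa> (Minor issue)" lines, so the entry reads as contradictory. Suggest keeping the question mark on that NOTE until the TODO is resolved, or updating the status lines in the same change once the fixed versions are confirmed. In "NOTE: NVD mentions plit from CVE-2013-3371", "plit" should be "split". "NOTE: looks like CVE-2013-5587 is not fully correct" does not say which part (description or affected versions) is in doubt; naming it would help whoever picks up the TODO. The two compare URLs span whole releases, so pointing at the specific commit that carries the XSS fix would make the check easier.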