[Secure-testing-commits] r24549 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 3 21:34:34 UTC 2013
Author: carnil
Date: 2013-12-03 21:34:34 +0000 (Tue, 03 Dec 2013)
New Revision: 24549
Modified:
data/CVE/list
Log:
Add CVE-2013-4491
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-03 21:28:57 UTC (rev 24548)
+++ data/CVE/list 2013-12-03 21:34:34 UTC (rev 24549)
@@ -5661,8 +5661,14 @@
RESERVED
CVE-2013-4492
RESERVED
-CVE-2013-4491
+CVE-2013-4491 [Reflective XSS]
RESERVED
+ - ruby-actionpack-4.0 <unfixed>
+ - ruby-actionpack-3.2 <unfixed>
+ - ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
+ - rails 2.3.14.1
+ NOTE: Starting with 2.3.14.1 rails is a transition package
+ TODO: check, report to BTS
CVE-2013-4490 [Remote code execution vulnerability in the SSH key upload feature]
RESERVED
- gitlab <itp> (bug #651606)
More information about the Secure-testing-commits
mailing list