[Secure-testing-commits] r24555 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 3 21:51:58 UTC 2013
Author: carnil
Date: 2013-12-03 21:51:58 +0000 (Tue, 03 Dec 2013)
New Revision: 24555
Modified:
data/CVE/list
Log:
Add CVE-2013-6417
NOTE: as with previously commited CVEs additions, needs to be reported
to BTS, thus left the TODO item so far.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-03 21:51:16 UTC (rev 24554)
+++ data/CVE/list 2013-12-03 21:51:58 UTC (rev 24555)
@@ -1093,8 +1093,15 @@
RESERVED
CVE-2013-6418
RESERVED
-CVE-2013-6417
+CVE-2013-6417 [Unsafe Query Generation]
RESERVED
+ - rails-4.0 <unfixed>
+ - ruby-actionpack-3.2 <unfixed>
+ - ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
+ - rails 2.3.14.1
+ NOTE: Starting with 2.3.14.1 rails is a transition package
+ NOTE: CVE for incomplete fix for CVE-2013-0155
+ TODO: check, report to BTS
CVE-2013-6416 [XSS]
RESERVED
- rails-4.0 <unfixed>
More information about the Secure-testing-commits
mailing list