[Secure-testing-commits] r24561 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Dec 4 05:13:13 UTC 2013


Author: carnil
Date: 2013-12-04 05:13:13 +0000 (Wed, 04 Dec 2013)
New Revision: 24561

Modified:
   data/CVE/list
Log:
Add bugnumber for rails issues, thanks terceiro

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-03 22:36:30 UTC (rev 24560)
+++ data/CVE/list	2013-12-04 05:13:13 UTC (rev 24561)
@@ -1746,37 +1746,33 @@
 	RESERVED
 CVE-2013-6417 [Unsafe Query Generation]
 	RESERVED
-	- rails-4.0 <unfixed>
-	- ruby-actionpack-3.2 <unfixed>
+	- rails-4.0 <unfixed> (bug #731290)
+	- ruby-actionpack-3.2 <unfixed> (bug #731288)
 	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: CVE for incomplete fix for CVE-2013-0155
-	TODO: check, report to BTS
 CVE-2013-6416 [XSS]
 	RESERVED
-	- rails-4.0 <unfixed>
+	- rails-4.0 <unfixed> (bug #731290)
 	- ruby-actionpack-3.2 <not-affected> (vulnerable code not present)
 	- ruby-actionpack-2.3 <not-affected> (vulnerable coee not present)
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check, report to BTS
 CVE-2013-6415 [XSS]
 	RESERVED
-	- rails-4.0 <unfixed>
-	- ruby-actionpack-3.2 <unfixed>
-	- ruby-actionpack-2.3 <unfixed>
+	- rails-4.0 <unfixed> (bug #731290)
+	- ruby-actionpack-3.2 <unfixed> (bug #731288)
+	- ruby-actionpack-2.3 <unfixed> (bug #731289)
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check, report to BTS
 CVE-2013-6414 [Denial of Service Vulnerability]
 	RESERVED
-	- rails-4.0 <unfixed>
-	- ruby-actionpack-3.2 <unfixed>
+	- rails-4.0 <unfixed> (bug #731290)
+	- ruby-actionpack-3.2 <unfixed> (bug #731288)
 	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check, report to BTS
 CVE-2013-6413 [unrealircd: DoS, use after free]
 	RESERVED
 	- unrealircd <itp> (bug #515130)
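Review bot: The CVE-2013-6416 entry still carries the typo "vulnerable coee not present" on its ruby-actionpack-2.3 line, which this hunk leaves as unchanged context while editing the lines around it. Since the entry is being touched anyway, correct it to "vulnerable code not present" so the note matches the wording used for the other not-affected entries and can be found by a text search on that phrase.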
@@ -6334,12 +6330,11 @@
 	RESERVED
 CVE-2013-4491 [Reflective XSS]
 	RESERVED
-	- rails-4.0 <unfixed>
-	- ruby-actionpack-3.2 <unfixed>
+	- rails-4.0 <unfixed> (bug #731290)
+	- ruby-actionpack-3.2 <unfixed> (bug #731288)
 	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check, report to BTS
 CVE-2013-4490 [Remote code execution vulnerability in the SSH key upload feature]
 	RESERVED
 	- gitlab <itp> (bug #651606)
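Review bot: The "TODO: check, report to BTS" line under CVE-2013-4491 is removed here, but the log message only mentions adding bug numbers. The added bug references cover the "report to BTS" half. Nothing visible records that the "check" half was done for the ruby-actionpack-2.3 line, which stays "<not-affected> (vulnerable code not present)". Consider saying in the log that the TODOs are dropped because the affected and not-affected status of each package was confirmed.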



