[Secure-testing-commits] r24593 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 5 13:46:34 UTC 2013
Author: carnil
Date: 2013-12-05 13:46:33 +0000 (Thu, 05 Dec 2013)
New Revision: 24593
Modified:
data/CVE/list
Log:
Add more fixed versions for CVEs for ruby-actionpack-3.2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-05 13:44:13 UTC (rev 24592)
+++ data/CVE/list 2013-12-05 13:46:33 UTC (rev 24593)
@@ -1753,7 +1753,7 @@
CVE-2013-6417 [Unsafe Query Generation]
RESERVED
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- - ruby-actionpack-3.2 <unfixed> (bug #731288)
+ - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
@@ -1768,14 +1768,14 @@
CVE-2013-6415 [XSS]
RESERVED
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- - ruby-actionpack-3.2 <unfixed> (bug #731288)
+ - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <unfixed> (bug #731289)
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 [Denial of Service Vulnerability]
RESERVED
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- - ruby-actionpack-3.2 <unfixed> (bug #731288)
+ - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
@@ -6338,7 +6338,7 @@
CVE-2013-4491 [Reflective XSS]
RESERVED
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- - ruby-actionpack-3.2 <unfixed> (bug #731288)
+ - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
More information about the Secure-testing-commits
mailing list