[Secure-testing-commits] r24701 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 12 06:25:31 UTC 2013
Author: carnil
Date: 2013-12-12 06:25:31 +0000 (Thu, 12 Dec 2013)
New Revision: 24701
Modified:
data/CVE/list
Log:
Add (not verified) Plone (and Zope) CVEs
NOTE: Might be partially NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-12 06:21:09 UTC (rev 24700)
+++ data/CVE/list 2013-12-12 06:25:31 UTC (rev 24701)
@@ -4,6 +4,12 @@
NOT-FOR-US: Monitorix
CVE-2013-7070
NOT-FOR-US: Monitorix
+CVE-2013-7062 [XSS]
+ TODO: check plone/zope
+CVE-2013-7061 [Privilege escalation through exposed underlying API]
+ TODO: check plone/zope
+CVE-2013-7060 [Filesystem path information leak]
+ TODO: check plone/zope
CVE-2013-7048 [Nova live snapshots use an insecure local directory]
- nova <unfixed>
TODO: check
@@ -21797,7 +21803,7 @@
- xen 4.1.3-5
CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
-CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded ]
+CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded]
RESERVED
- zope2.12 2.12.26-1 (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/24
More information about the Secure-testing-commits
mailing list