[Secure-testing-commits] r24761 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2013-12-16 06:14:44 +0000 (Mon, 16 Dec 2013)
New Revision: 24761

Modified:
   data/CVE/list
Log:
Add CVE-2013-6440 from external check, left the todo item to verify versions

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-15 21:26:08 UTC (rev 24760)
+++ data/CVE/list	2013-12-16 06:14:44 UTC (rev 24761)
@@ -2296,8 +2296,12 @@
 	RESERVED
 CVE-2013-6441
 	RESERVED
-CVE-2013-6440
+CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter]
 	RESERVED
+	- opensaml2 <unfixed>
+	NOTE: http://shibboleth.net/community/advisories/secadv_20131213.txt
+	NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
+	TODO: check
 CVE-2013-6439
 	RESERVED
 CVE-2013-6438