[Secure-testing-commits] r24889 - in data: . DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 24 05:22:27 UTC 2013
Author: carnil
Date: 2013-12-24 05:22:27 +0000 (Tue, 24 Dec 2013)
New Revision: 24889
Modified:
data/DSA/list
data/dsa-needed.txt
Log:
Reserve DSA number for libcommons-fileupload-java
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2013-12-23 23:07:17 UTC (rev 24888)
+++ data/DSA/list 2013-12-24 05:22:27 UTC (rev 24889)
@@ -1,3 +1,7 @@
+[24 Dec 2013] DSA-2827-1 libcommons-fileupload-java - arbitrary file upload via deserialization
+ {CVE-2013-2186}
+ [squeeze] - libcommons-fileupload-java 1.2.2-1+deb6u1
+ [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u1
[22 Dec 2013] DSA-2826-1 denyhosts - Remote denial of ssh service
{CVE-2013-6890}
[squeeze] - denyhosts 2.6-7+deb6u2
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2013-12-23 23:07:17 UTC (rev 24888)
+++ data/dsa-needed.txt 2013-12-24 05:22:27 UTC (rev 24889)
@@ -41,9 +41,6 @@
--
ffmpeg/oldstable (geissert)
--
-libcommons-fileupload-java (carnil)
- to be clarified how to workaround dak problem
---
libtar (luciano)
CVE-2013-4420 still pending
--
More information about the Secure-testing-commits
mailing list