[Secure-testing-commits] r21247 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Tue Feb 12 07:22:00 UTC 2013
Author: carnil
Date: 2013-02-12 07:22:00 +0000 (Tue, 12 Feb 2013)
New Revision: 21247
Modified:
data/CVE/list
Log:
add entry for CVE-2013-0277
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-12 07:18:55 UTC (rev 21246)
+++ data/CVE/list 2013-02-12 07:22:00 UTC (rev 21247)
@@ -3369,8 +3369,13 @@
RESERVED
CVE-2013-0278
RESERVED
-CVE-2013-0277
+CVE-2013-0277 [Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0]
RESERVED
+ - ruby-activerecord-2.3 <unfixed>
+ - rails <unfixed>
+ NOTE: According to advisory 3.1.0 and above are not affected, check?
+ NOTE: Starting with 2.3.14.1 rails is a transition package
+ TODO: check and report to BTS
CVE-2013-0276 [Circumvention of attr_protected]
RESERVED
- ruby-activerecord-3.2 <unfixed>
More information about the Secure-testing-commits
mailing list