[Secure-testing-commits] r20932 - data/CVE

Thijs Kinkhorst thijs at alioth.debian.org
Wed Jan 16 07:46:03 UTC 2013


Author: thijs
Date: 2013-01-16 07:46:03 +0000 (Wed, 16 Jan 2013)
New Revision: 20932

Modified:
   data/CVE/list
Log:
further research shows that CVE-2013-0155 does affect 2.x
updates are in preparation


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-01-16 07:23:24 UTC (rev 20931)
+++ data/CVE/list	2013-01-16 07:46:03 UTC (rev 20932)
@@ -2907,10 +2907,11 @@
 	NOTE: experimental has 3.2.8-1 and should be affected too
 CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x ...)
 	- ruby-activerecord-3.2 3.2.6-4 (bug #697744)
-	- ruby-activerecord-2.3 <not-affected> (Only applies to 3.x)
+	- ruby-activerecord-2.3 <unfixed>
 	- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
-	- ruby-actionpack-2.3 <not-affected> (Only applies to 3.x)
-	- rails <not-affected> (Only applies to 3.x)
+	- ruby-actionpack-2.3 <unfixed>
+	- rails 2.3.14.1
+	[squeeze] - rails <unfixed>
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
 CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when ...)
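Review bot: The new `<unfixed>` entries for ruby-activerecord-2.3 and ruby-actionpack-2.3 drop the old "(Only applies to 3.x)" rationale without recording what replaced it. The CVE description line in the same entry still names only 3.0.x, 3.1.x and 3.2.x, so the 2.3 status looks contradictory to anyone reading the list without the commit log. Add a NOTE line under the entry saying that 2.x is affected and pointing to the research behind that finding. The 3.2 entries carry bug references (bug #697744, bug #697802) while the 2.3 entries have none; adding them once filed would make the updates in preparation trackable. The `- rails 2.3.14.1` line depends on the existing transition-package NOTE to make sense, so consider moving that NOTE directly under the rails lines so the fixed version is not read as a real fix while `[squeeze] - rails <unfixed>` sits beside it.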
