[Secure-testing-commits] r24401 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2013-11-22 12:55:32 +0000 (Fri, 22 Nov 2013)
New Revision: 24401

Modified:
   data/CVE/list
Log:
Add CVE-2013-4164/ruby*

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-11-22 11:47:10 UTC (rev 24400)
+++ data/CVE/list	2013-11-22 12:55:32 UTC (rev 24401)
@@ -6402,8 +6402,12 @@
 CVE-2013-4165 (The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 ...)
 	- bitcoin 0.8.4-1 (bug #717828)
 	NOTE: https://github.com/bitcoin/bitcoin/issues/2838
-CVE-2013-4164
+CVE-2013-4164 [Heap Overflow in Floating Point Parsing]
 	RESERVED
+	- ruby1.8 <unfixed>
+	- ruby1.9.1 <unfixed> (bug #730178)
+	- ruby2.0 <unfixed>
+	NOTE: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
 CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 ...)
 	{DSA-2745-1}
 	- linux 3.10.5-1