[Secure-testing-commits] r24219 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Wed Oct 30 05:21:35 UTC 2013
Author: carnil
Date: 2013-10-30 05:21:35 +0000 (Wed, 30 Oct 2013)
New Revision: 24219
Modified:
data/CVE/list
Log:
Correct entries for sup-mail
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-29 21:41:08 UTC (rev 24218)
+++ data/CVE/list 2013-10-30 05:21:35 UTC (rev 24219)
@@ -4001,11 +4001,14 @@
RESERVED
CVE-2013-4480
RESERVED
-CVE-2013-4479
+CVE-2013-4479 [prevent remote command injection in content_type]
RESERVED
-CVE-2013-4478 [remote command injection in content_type]
- sup-mail <unfixed> (bug #728232)
+ NOTE: https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
+CVE-2013-4478 [shellwords escape attachment file names to prevent remote code execution]
+ - sup-mail <unfixed> (bug #728232)
NOTE: http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
+ NOTE: https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
CVE-2013-4477 [OpenStack Keystone: Unintentional role granting with Keystone LDAP backend]
RESERVED
- keystone <unfixed> (bug #728233)
More information about the Secure-testing-commits
mailing list