[Secure-testing-commits] r23649 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Fri Sep 13 04:56:47 UTC 2013


Author: carnil
Date: 2013-09-13 04:56:47 +0000 (Fri, 13 Sep 2013)
New Revision: 23649

Modified:
   data/CVE/list
Log:
Update entries for python-oauth2 CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-13 04:32:48 UTC (rev 23648)
+++ data/CVE/list	2013-09-13 04:56:47 UTC (rev 23649)
@@ -3068,16 +3068,16 @@
 	RESERVED
 CVE-2013-4348
 	RESERVED
-CVE-2013-4347
+CVE-2013-4347 [Uses poor PRNG]
 	RESERVED
 	- python-oauth2 <unfixed>
-	TODO: check
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
-CVE-2013-4346
+	NOTE: https://github.com/simplegeo/python-oauth2/issues/9
+CVE-2013-4346 [_check_signature() ignores the nonce value when validating signed urls]
 	RESERVED
 	- python-oauth2 <unfixed>
-	TODO: check
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
+	NOTE: https://github.com/simplegeo/python-oauth2/issues/129
 CVE-2013-4345
 	RESERVED
 CVE-2013-4344
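Review bot: The description added for CVE-2013-4347, "[Uses poor PRNG]", does not say which function or value relies on the PRNG, whereas the CVE-2013-4346 description in the same hunk names _check_signature() and the nonce. Consider wording it to the same level of detail, taken from the linked issue, so the entry can be triaged without following the NOTE links. Both entries also lose "TODO: check" while staying at "- python-oauth2 <unfixed>" with no bug reference; if a Debian bug has been filed for either one, adding it on that line would make the remaining work trackable.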
