[Secure-testing-commits] r26429 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Apr 3 15:14:14 UTC 2014
Author: carnil
Date: 2014-04-03 15:14:14 +0000 (Thu, 03 Apr 2014)
New Revision: 26429
Modified:
data/CVE/list
Log:
Add two more CVEs for cacti
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-03 10:30:07 UTC (rev 26428)
+++ data/CVE/list 2014-04-03 15:14:14 UTC (rev 26429)
@@ -1,5 +1,15 @@
CVE-2014-5880
REJECTED
+CVE-2014-2709
+ - cacti <unfixed>
+ NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
+ NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
+ NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
+CVE-2014-2708 [SQL injection]
+ - cacti <unfixed>
+ NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
+ NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
+ NOTE: CVE for all changes to graph_xport.php to ensure that data is numeric
CVE-2014-2707 [cups-browsed remote exploit]
- cups-filters 1.0.51-1 (bug #743470)
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
More information about the Secure-testing-commits
mailing list