[Secure-testing-commits] r26649 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Apr 22 04:40:48 UTC 2014


Author: carnil
Date: 2014-04-22 04:40:23 +0000 (Tue, 22 Apr 2014)
New Revision: 26649

Modified:
   data/CVE/list
Log:
CVE assigned for node-connect

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-21 19:03:25 UTC (rev 26648)
+++ data/CVE/list	2014-04-22 04:40:23 UTC (rev 26649)
@@ -74,6 +74,11 @@
 	- grails <itp> (bug #473213)
 CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
 	- grails <itp> (bug #473213)
+CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
+	- node-connect <not-affected> (Only applies when incomplete fix applied)
+	NOTE: CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2
+CVE-2013-7370 [XSS in the Sencha Labs Connect middleware]
+	- node-connect <unfixed> (bug #744374)
 CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 ...)
 	NOT-FOR-US: Gnew
 CVE-2014-2892 [heap-based buffer overflow]
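Review bot: The NOTE added under CVE-2013-7371 ("CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2") is ambiguous about what 2.8.2 contains: it can be read as the release that carried the incomplete fix or as the release that completed it. The CVE-2013-7370 entry directly below has no fixed-version note at all, so anyone working on bug #744374 cannot tell from this file which upstream release to target. Suggest stating the version on each entry explicitly, and adding a NOTE on CVE-2013-7370 that any backport must include the follow-up change, since the <not-affected> status of CVE-2013-7371 only holds while the incomplete fix is not applied.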
@@ -505,10 +510,6 @@
 	RESERVED
 CVE-2014-2687
 	RESERVED
-CVE-2013-XXXX [node-connect: methodOverride middleware reflected cross-site scripting]
-	- node-connect <unfixed> (bug #744374)
-	NOTE: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
-	NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/04/15/2
 CVE-2013-7354
 	RESERVED
 	- libpng <not-affected> (Only affects 1.5 and later)
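Review bot: Removing the temporary CVE-2013-XXXX entry also drops its two NOTE lines (the nodesecurity.io advisory and the oss-security CVE request), and neither reference is carried over to the new CVE-2013-7370 entry in the first hunk. Suggest moving both NOTE lines under CVE-2013-7370 so the entry tied to bug #744374 keeps its sources. The removed description also named the affected component (methodOverride middleware, reflected XSS), which is more specific than the new "XSS in the Sencha Labs Connect middleware" text and worth preserving in the bracketed description.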



