[Secure-testing-commits] r28215 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Aug 11 19:32:30 UTC 2014
Author: jmm
Date: 2014-08-11 19:32:30 +0000 (Mon, 11 Aug 2014)
New Revision: 28215
Modified:
data/CVE/list
Log:
no-dsa: ruby, libvirt, svn
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-11 18:24:57 UTC (rev 28214)
+++ data/CVE/list 2014-08-11 19:32:30 UTC (rev 28215)
@@ -43,7 +43,9 @@
[wheezy] - xcfa <no-dsa> (Minor issue)
CVE-2014-3528 [MD5 collision authentication leak]
RESERVED
- - subversion <unfixed>
+ - subversion <unfixed> (low)
+ [squeeze] - subversion <no-dsa> (Minor issue)
+ [wheezy] - subversion <no-dsa> (Minor issue)
NOTE: http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
CVE-2014-XXXX [Enforce use of HTTPS for MathJax in IPython]
- ipython 0.12-1
@@ -55,7 +57,9 @@
CVE-2014-5179 [drupal6-freelinking: access bypass issue]
NOT-FOR-US: drupal6-freelinking module
CVE-2014-5177 [Unsafe parsing of XML documents allows arbitrary file read]
- - libvirt 1.2.4-1
+ - libvirt 1.2.4-1 (low)
+ [wheezy] - libvirt <no-dsa> (Minor issue)
+ [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://security.libvirt.org/2014/0003.html
CVE-2014-5170
RESERVED
@@ -569,10 +573,12 @@
NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-4975 [ruby pack.c buffer overrun]
RESERVED
- - ruby1.8 <unfixed>
- - ruby1.9.1 <unfixed>
- - ruby2.0 <unfixed>
- - ruby2.1 <unfixed>
+ - ruby1.8 <unfixed> (low)
+ [wheezy] - ruby1.8 <no-dsa> (Minor issue)
+ - ruby1.9.1 <unfixed> (low)
+ [wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
+ - ruby2.0 <unfixed> (low)
+ - ruby2.1 <unfixed> (low)
NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
TODO: check
CVE-2014-4974
More information about the Secure-testing-commits
mailing list