[Secure-testing-commits] r28405 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Aug 21 07:55:52 UTC 2014


Author: carnil
Date: 2014-08-21 07:55:52 +0000 (Thu, 21 Aug 2014)
New Revision: 28405

Modified:
   data/CVE/list
Log:
Add CVE-2014-3603, libopensaml2-java, unchecked

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-21 07:51:29 UTC (rev 28404)
+++ data/CVE/list	2014-08-21 07:55:52 UTC (rev 28405)
@@ -4069,8 +4069,12 @@
 	RESERVED
 CVE-2014-3604
 	RESERVED
-CVE-2014-3603
+CVE-2014-3603 [HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification]
 	RESERVED
+	- libopensaml2-java <undetermined>
+	NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
+	NOTE: http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
+	TODO: check
 CVE-2014-3602
 	RESERVED
 	NOT-FOR-US: OpenShift




More information about the Secure-testing-commits mailing list