[Secure-testing-commits] r28467 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 26 04:48:44 UTC 2014
Author: carnil
Date: 2014-08-26 04:48:37 +0000 (Tue, 26 Aug 2014)
New Revision: 28467
Modified:
data/CVE/list
Log:
Add CVE-2013-7397 and CVE-2013-7398
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-26 04:33:42 UTC (rev 28466)
+++ data/CVE/list 2014-08-26 04:48:37 UTC (rev 28467)
@@ -542,6 +542,15 @@
NOT-FOR-US: SAP
CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt ...)
NOT-FOR-US: SAP
+CVE-2013-7398 [No SSL HostName verification]
+ - async-http-client <unfixed>
+ NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/197
+ NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/3c9152e2c75f7e8b654beec40383748a14c6b51b
+ TODO: check
+CVE-2013-7397 [SSL/TLS certificate verification disabled]
+ - async-http-client <unfixed>
+ NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/352
+ TODO: check
CVE-2013-7396
RESERVED
CVE-2013-7395 (ZOLL Defibrillator / Monitor X Series has a default (1) supervisor ...)
More information about the Secure-testing-commits
mailing list