[Secure-testing-commits] r30524 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 4 04:50:20 UTC 2014
Author: carnil
Date: 2014-12-04 04:50:20 +0000 (Thu, 04 Dec 2014)
New Revision: 30524
Modified:
data/CVE/list
Log:
Add two mediawiki issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-04 04:43:36 UTC (rev 30523)
+++ data/CVE/list 2014-12-04 04:50:20 UTC (rev 30524)
@@ -1,3 +1,11 @@
+CVE-2014-XXXX [XSS in Special:ExpandTemplates]
+ - mediawiki <unfixed>
+ [squeeze] - mediawiki <end-of-life>
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111
+CVE-2014-XXXX [<cross-domain-policy> mangling allows injection in API format=php]
+ - mediawiki <unfixed>
+ [squeeze] - mediawiki <end-of-life>
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
CVE-2014-XXXX [heap overflow in getlline()]
- procmail 3.22-23 (bug #771958)
[wheezy] - procmail <no-dsa> (Problem happens with specifically-crafted user-controlled ~/.procmailrc)
More information about the Secure-testing-commits
mailing list