[Secure-testing-commits] r30676 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 11 16:49:30 UTC 2014
Author: carnil
Date: 2014-12-11 16:49:30 +0000 (Thu, 11 Dec 2014)
New Revision: 30676
Modified:
data/CVE/list
Log:
Add CVE-2014-9365
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-11 15:28:32 UTC (rev 30675)
+++ data/CVE/list 2014-12-11 16:49:30 UTC (rev 30676)
@@ -822,6 +822,15 @@
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
+CVE-2014-9365 [certificate verification by default for stdlib http clients]
+ - python2.5 <removed>
+ - python2.6 <removed>
+ - python2.7 <unfixed>
+ - python3.1 <removed>
+ - python3.2 <removed>
+ - python3.3 <removed>
+ - python3.4 <unfixed>
+ TODO: check
CVE-2014-9351 [denial-of-service]
- teeworlds 0.6.2+dfsg-2 (bug #770514)
[wheezy] - teeworlds <no-dsa> (Minor issue)
@@ -14220,7 +14229,7 @@
RESERVED
- jenkins <unfixed> (bug #767541)
[jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is documented as such)
- NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,
+ NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
CVE-2014-3664 (Directory traversal vulnerability in CloudBees Jenkins before 1.583 ...)
- jenkins 1.565.3-1 (bug #763899)
More information about the Secure-testing-commits
mailing list