[Secure-testing-commits] r30805 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Dec 17 19:23:01 UTC 2014
Author: jmm
Date: 2014-12-17 19:23:01 +0000 (Wed, 17 Dec 2014)
New Revision: 30805
Modified:
data/CVE/list
Log:
async-http-client fixed, n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-17 19:18:24 UTC (rev 30804)
+++ data/CVE/list 2014-12-17 19:23:01 UTC (rev 30805)
@@ -10667,13 +10667,12 @@
NOT-FOR-US: SAP
CVE-2013-7398 [No SSL HostName verification]
RESERVED
- - async-http-client <unfixed> (bug #773364)
- [wheezy] - async-http-client <no-dsa> (Minor issue)
+ - async-http-client <not-affected> (Vulnerable code not present, bug #773364)
NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/197
NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/3c9152e2c75f7e8b654beec40383748a14c6b51b
CVE-2013-7397 [SSL/TLS certificate verification disabled]
RESERVED
- - async-http-client <unfixed>
+ - async-http-client 1.6.5-3
[wheezy] - async-http-client <no-dsa> (Minor issue)
NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/352
CVE-2013-7396
More information about the Secure-testing-commits
mailing list