[Secure-testing-commits] r30909 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Mon Dec 22 10:52:10 UTC 2014
Author: hertzog
Date: 2014-12-22 10:52:10 +0000 (Mon, 22 Dec 2014)
New Revision: 30909
Modified:
data/CVE/list
Log:
Mark mediawiki as end-of-life on squeeze and add patch for polarssl
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-22 10:21:29 UTC (rev 30908)
+++ data/CVE/list 2014-12-22 10:52:10 UTC (rev 30909)
@@ -4,6 +4,7 @@
[wheezy] - json-glib <not-affected> (Tool not yet present)
CVE-2014-XXXX [XSS]
- mediawiki <unfixed> (bug #773654)
+ [squeeze] - mediawiki <end-of-life>
NOTE: https://phabricator.wikimedia.org/T76686 (still not public)
CVE-2014-XXXX [Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains]
- mediawiki <not-affected> (CORS support was added in 1.20)
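Review bot: The added "[squeeze] - mediawiki <end-of-life>" line carries no parenthesised reason or reference, unlike the neighbouring status lines in this hunk ("(Tool not yet present)", "(CORS support was added in 1.20)"). A short reason or a pointer to the end-of-life decision would let a reader of the list see why squeeze is no longer tracked for mediawiki. Only the XSS entry gets the annotation here. If other open mediawiki entries in the file still apply to squeeze, they need the same line to match the log message.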
@@ -2717,6 +2718,9 @@
RESERVED
- polarssl 1.3.9-1
NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
+ NOTE: Patch for 1.2.x: https://github.com/polarssl/polarssl/commit/6b440389136afbcb0d831f880176c830bd3e0c7c
+ NOTE: Version 1.2.11 also brings other security-relevant fixes. Maybe update to new upstream version?
+
CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorithm to ...)
- polarssl 1.3.9-1
[wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
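Review bot: The empty added line after the second NOTE puts a blank line between this entry and CVE-2014-8627, while the other entries visible in this diff follow each other directly. Drop it unless the list format expects a separator there. The second NOTE also ends in an open question ("Maybe update to new upstream version?"). That is better tracked as a bug against polarssl, with the NOTE stating only the fact that 1.2.11 contains further security-relevant fixes. It would also help to say which release the 1.2.x patch is meant for, since the entry itself only lists "- polarssl 1.3.9-1".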