[Secure-testing-commits] r25498 - in data: CVE packages
Raphael Geissert
atomo64-guest at moszumanska.debian.org
Mon Feb 3 14:21:10 UTC 2014
Author: atomo64-guest
Date: 2014-02-03 14:21:09 +0000 (Mon, 03 Feb 2014)
New Revision: 25498
Modified:
data/CVE/list
data/packages/removed-packages
Log:
passenger CVEified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-03 12:55:51 UTC (rev 25497)
+++ data/CVE/list 2014-02-03 14:21:09 UTC (rev 25498)
@@ -1,3 +1,11 @@
+CVE-2014-1832 [incomplete fix of CVE-2014-1831]
+ - ruby-passenger <not-affected> (incomplete patch never applied)
+ - passenger <not-affected> (incomplete patch never applied)
+CVE-2014-1831 [insecure use of /tmp]
+ - ruby-passenger <unfixed> (low; bug #736958)
+ [wheezy] - ruby-passenger <no-dsa> (low; bug #736958)
+ - passenger <removed>
+ [squeeze] - passenger <no-dsa> (minor issue)
CVE-2014-XXXX [insecure use of /tmp]
- a2ps <unfixed> (bug #737385)
CVE-2014-XXXX [hardening to the defaults]
@@ -32,8 +40,6 @@
NOTE: http://bugs.python.org/issue20078
CVE-2014-XXXX [no input validation for search function]
- fookebox <unfixed> (bug #736821)
-CVE-2014-XXXX [insecure use of /tmp]
- - ruby-passenger <unfixed> (bug #736958)
CVE-2013-XXXX
- suphp <unfixed> (bug #736969)
NOTE: Should be removed from the archive (dead upstream / orphaned)
Modified: data/packages/removed-packages
===================================================================
--- data/packages/removed-packages 2014-02-03 12:55:51 UTC (rev 25497)
+++ data/packages/removed-packages 2014-02-03 14:21:09 UTC (rev 25498)
@@ -249,3 +249,4 @@
postgresql-9.0
mysql-5.1
libpam-rsa
+passenger
More information about the Secure-testing-commits
mailing list