[Secure-testing-commits] r25636 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Feb 10 05:24:51 UTC 2014


Author: carnil
Date: 2014-02-10 05:24:51 +0000 (Mon, 10 Feb 2014)
New Revision: 25636

Modified:
   data/CVE/list
Log:
Three CVEs assigned for python-gnupg

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-02-09 22:19:15 UTC (rev 25635)
+++ data/CVE/list	2014-02-10 05:24:51 UTC (rev 25636)
@@ -1,6 +1,10 @@
 CVE-2013-XXXX [OTP token invalidation]
 	- oath-toolkit <unfixed>
 	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
+CVE-2014-1928 [Erroneous insertion of a \ character]
+	- python-gnupg <unfixed>
+CVE-2014-1927 [Erroneous assumptions about the usability of " characters]
+	- python-gnupg <unfixed>
 CVE-2014-1896 [XSA-86 libvchan failure handling malicious ring indexes]
 	- xen <unfixed>
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
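Review bot: The two added python-gnupg entries (CVE-2014-1928 and CVE-2014-1927) carry no NOTE lines, while the CVE-2014-XXXX placeholder removed later in this patch pointed to the oss-security CVE request and the upstream issue (id=98). Suggest copying those two reference NOTE lines under each new entry so the origin of the assignment stays traceable from the list itself.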
@@ -117,11 +121,6 @@
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	TODO: check
-CVE-2014-XXXX [shell injection]
-	- python-gnupg <unfixed>
-	NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/02/04/1
-	NOTE: Security fix in 0.3.5-1 is invalid
-	NOTE: https://code.google.com/p/python-gnupg/issues/detail?id=98
 CVE-2014-1860 [PHP object insertion]
 	RESERVED
 	NOT-FOR-US: Contao CMS
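Review bot: Deleting the CVE-2014-XXXX placeholder also drops the line "NOTE: Security fix in 0.3.5-1 is invalid", and none of the three replacement entries records it. All three are marked <unfixed>, so keeping that note on the entry or entries it applies to would explain why 0.3.5-1 is not listed as a fixed version.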
@@ -489,6 +488,8 @@
 	RESERVED
 CVE-2014-1695
 	RESERVED
+CVE-2013-7323 [Unrestricted use of unquoted strings in a shell]
+	- python-gnupg <unfixed>
 CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in ...)
 	NOT-FOR-US: AlgoSec Firewall Analyzer
 CVE-2014-1750
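Review bot: CVE-2013-7323 is added far from the two CVE-2014 python-gnupg entries at the top of the file, and nothing links the three. A short NOTE on this entry naming CVE-2014-1927 and CVE-2014-1928, with the reverse on those two, would let someone triaging python-gnupg find all of the IDs the log message refers to.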



