[Secure-testing-commits] r25831 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Feb 22 05:49:20 UTC 2014
Author: carnil
Date: 2014-02-22 05:49:20 +0000 (Sat, 22 Feb 2014)
New Revision: 25831
Modified:
data/CVE/list
Log:
Add new rails-3.2 source package. Packaging was unified into one source package again
Note for the tracker: at commit point both rails-3.2 and ruby-*-3.2
still in unstable. Thus left the ruby-*-3.2 <unfixed> items
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-21 15:09:10 UTC (rev 25830)
+++ data/CVE/list 2014-02-22 05:49:20 UTC (rev 25831)
@@ -5231,6 +5231,7 @@
TODO: check
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...)
- rails-4.0 <not-affected> (only 3.2.x and earlier)
+ - rails-3.2 <unfixed>
- ruby-actionpack-3.2 <unfixed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
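Review bot: the added `- rails-3.2 <unfixed>` line under CVE-2014-0082 carries no bug reference, and with rails-4.0 marked `<not-affected> (only 3.2.x and earlier)` it is one of only two entries that still track the open issue. Consider linking a bug for rails-3.2 here so the entry can later be closed against a specific upload.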
@@ -5238,6 +5239,7 @@
TODO: check
CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- rails-4.0 <unfixed>
+ - rails-3.2 <unfixed>
- ruby-actionpack-3.2 <unfixed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
@@ -6795,6 +6797,7 @@
NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
+ - rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails 2.3.14.1
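Review bot: the fixed version on the added line for CVE-2013-6417, `3.2.16-3+0`, does not follow the `3.2.16-1` form used on the ruby-actionpack-3.2 line directly below it. Please confirm that this is the exact version string of the rails-3.2 upload, because an entry whose version never matches an uploaded package will misreport the fix status.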
@@ -6808,12 +6811,14 @@
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency ...)
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
+ - rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <removed> (bug #731289)
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
+ - rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails <not-affected> (vulnerable code not present)
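Review bot: in both entries of this hunk (CVE-2013-6415 and CVE-2013-6414) the added `- rails-3.2 3.2.16-3+0` lines omit the bug reference that the neighbouring fixed lines carry (`bug #731290`, `bug #731288`). If the fix arrived in rails-3.2 when the packaging was unified, a bug reference or a short NOTE saying so would make the fixed version traceable.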
@@ -11562,6 +11567,7 @@
[squeeze] - libi18n-ruby <not-affected> (vulnerable code not present)
CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in ...)
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
+ - rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
- rails <not-affected> (Vulnerable code not present)
@@ -14923,6 +14929,7 @@
- linux-2.6 <removed> (low)
- linux 3.8.11-1 (low)
CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...)
+ - rails-3.2 <unfixed> (unimportant)
- ruby-activerecord-3.2 <unfixed> (unimportant)
- ruby-activerecord-2.3 <unfixed> (unimportant)
- rails 2.3.14.1 (unimportant)
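Review bot: the added `- rails-3.2 <unfixed> (unimportant)` line for CVE-2013-3221 duplicates the status of `ruby-activerecord-3.2 <unfixed> (unimportant)` instead of replacing it, which the log explains by both packages still being in unstable. A TODO in the entry would keep the ruby-activerecord-3.2 line from being forgotten once that package leaves unstable.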