[Secure-testing-commits] r25156 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 11 07:17:56 UTC 2014
Author: carnil
Date: 2014-01-11 07:17:56 +0000 (Sat, 11 Jan 2014)
New Revision: 25156
Modified:
data/CVE/list
Log:
Update CVE-2014-1402 and add CVE-2014-0012/jinja2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-11 07:00:36 UTC (rev 25155)
+++ data/CVE/list 2014-01-11 07:17:56 UTC (rev 25156)
@@ -1,5 +1,6 @@
CVE-2014-1402 [jinja2.bccache.FileSystemBytecodeCache: insecure default directory]
- jinja2 2.7.2-1 (bug #734747)
+ NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
CVE-2014-1401
TODO: check
CVE-2014-1400
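Review bot: the added NOTE under CVE-2014-1402 says 2.7.2 does not create temporary files safely, yet the line above it still records 2.7.2-1 as the fixed version with no qualifier, so a reader cannot tell whether CVE-2014-1402 itself is considered resolved in 2.7.2-1. Consider wording the note so it says the 2.7.2 fix is what introduced the new problem and that it is tracked separately, for example "NOTE: the fix in 2.7.2 creates temporary files unsafely, tracked as CVE-2014-0012". The word order "does not create safely temporary files" would also read better as "does not create temporary files safely".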
@@ -2966,8 +2967,12 @@
RESERVED
CVE-2014-0013
RESERVED
-CVE-2014-0012
+CVE-2014-0012 [unsafe temporary files creation]
RESERVED
+ - jinja2 <unfixed>
+ [squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
+ [wheezy] - jinja2 <not-affected> (introduced by fix in 2.7.2)
+ NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
CVE-2014-0011
RESERVED
CVE-2014-0010
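Review bot: the new "- jinja2 <unfixed>" line under CVE-2014-0012 carries no bug reference, whereas the CVE-2014-1402 entry in the first hunk has "(bug #734747)"; add the bug number once one is filed so the unfixed state can be followed up. The bracketed description "unsafe temporary files creation" also names no component, unlike the CVE-2014-1402 description, so the entry depends entirely on the commit URL in the NOTE for context; a more specific description would let the entry stand on its own.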