[Secure-testing-commits] r25156 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jan 11 07:17:56 UTC 2014


Author: carnil
Date: 2014-01-11 07:17:56 +0000 (Sat, 11 Jan 2014)
New Revision: 25156

Modified:
   data/CVE/list
Log:
Update CVE-2014-1402 and add CVE-2014-0012/jinja2

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-11 07:00:36 UTC (rev 25155)
+++ data/CVE/list	2014-01-11 07:17:56 UTC (rev 25156)
@@ -1,5 +1,6 @@
 CVE-2014-1402 [jinja2.bccache.FileSystemBytecodeCache: insecure default directory]
 	- jinja2 2.7.2-1 (bug #734747)
+	NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
 CVE-2014-1401
 	TODO: check
 CVE-2014-1400
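Review bot: the added NOTE under CVE-2014-1402 reads ambiguously next to the unchanged `- jinja2 2.7.2-1 (bug #734747)` line. The entry still records 2.7.2-1 as the fixed version while the note says 2.7.2 does not create temporary files safely, so a reader cannot tell from this entry alone whether CVE-2014-1402 is considered fixed. Suggest wording that separates the two issues, for example `NOTE: the fix in 2.7.2 creates temporary files unsafely, tracked separately as CVE-2014-0012`.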
@@ -2966,8 +2967,12 @@
 	RESERVED
 CVE-2014-0013
 	RESERVED
-CVE-2014-0012
+CVE-2014-0012 [unsafe temporary files creation]
 	RESERVED
+	- jinja2 <unfixed>
+	[squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
+	[wheezy] - jinja2 <not-affected> (introduced by fix in 2.7.2)
+	NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
 CVE-2014-0011
 	RESERVED
 CVE-2014-0010
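Review bot: the new `- jinja2 <unfixed>` line under CVE-2014-0012 carries no bug reference, unlike the `(bug #734747)` on the CVE-2014-1402 entry. Add one once a report exists so the unfixed state can be followed. The bracketed description `[unsafe temporary files creation]` also names no package or component, whereas the CVE-2014-1402 description does. Following that pattern here would make the entry readable on its own and easier to relate to the `introduced by fix in 2.7.2` remarks.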



