[Secure-testing-commits] r27574 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 3 06:05:43 UTC 2014


Author: carnil
Date: 2014-07-03 06:05:41 +0000 (Thu, 03 Jul 2014)
New Revision: 27574

Modified:
   data/CVE/list
Log:
Add two rails CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-03 04:36:42 UTC (rev 27573)
+++ data/CVE/list	2014-07-03 06:05:41 UTC (rev 27574)
@@ -2670,10 +2670,22 @@
 CVE-2014-3484 [stack-based buffer overflow]
 	RESERVED
 	- musl <unfixed> (bug #750815)
-CVE-2014-3483
+CVE-2014-3483 [SQL Injection Vulnerability in 'range' quoting]
 	RESERVED
-CVE-2014-3482
+	- ruby-activerecord-2.3 <removed>
+	- ruby-activerecord-3.2 <removed>
+	- rails <unfixed>
+	- rails-3.2 <unfixed>
+	- rails-4.0 <unfixed>
+	TODO: check, additioanlly rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
+CVE-2014-3482 [SQL Injection Vulnerability in 'bitstring' quoting]
 	RESERVED
+	- ruby-activerecord-2.3 <removed>
+	- ruby-activerecord-3.2 <removed>
+	- rails <unfixed>
+	- rails-3.2 <unfixed>
+	- rails-4.0 <unfixed>
+	TODO: check, additioanlly rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
 CVE-2014-3481
 	RESERVED
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
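Review bot: The TODO line added under both CVE-2014-3483 and CVE-2014-3482 misspells "additionally" as "additioanlly", and the two TODOs are word-for-word identical. The open question they raise (rails is a source package again and provides ruby-activerecord-3.2, while ruby-activerecord-3.2 is listed as <removed>) should be settled once and applied to both entries. The new <unfixed> lines for rails, rails-3.2 and rails-4.0 also carry no bug reference, unlike the musl entry just above with (bug #750815). Consider adding one per package when bugs are filed so the entries can be followed up.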



