[Secure-testing-commits] r27574 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 3 06:05:43 UTC 2014
Author: carnil
Date: 2014-07-03 06:05:41 +0000 (Thu, 03 Jul 2014)
New Revision: 27574
Modified:
data/CVE/list
Log:
Add two rails CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-03 04:36:42 UTC (rev 27573)
+++ data/CVE/list 2014-07-03 06:05:41 UTC (rev 27574)
@@ -2670,10 +2670,22 @@
CVE-2014-3484 [stack-based buffer overflow]
RESERVED
- musl <unfixed> (bug #750815)
-CVE-2014-3483
+CVE-2014-3483 [SQL Injection Vulnerability in 'range' quoting]
RESERVED
-CVE-2014-3482
+ - ruby-activerecord-2.3 <removed>
+ - ruby-activerecord-3.2 <removed>
+ - rails <unfixed>
+ - rails-3.2 <unfixed>
+ - rails-4.0 <unfixed>
+ TODO: check, additioanlly rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
+CVE-2014-3482 [SQL Injection Vulnerability in 'bitstring' quoting]
RESERVED
+ - ruby-activerecord-2.3 <removed>
+ - ruby-activerecord-3.2 <removed>
+ - rails <unfixed>
+ - rails-3.2 <unfixed>
+ - rails-4.0 <unfixed>
+ TODO: check, additioanlly rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
CVE-2014-3481
RESERVED
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
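Review bot: the TODO line added under both CVE-2014-3483 and CVE-2014-3482 misspells "additionally" as "additioanlly", and the same open question is duplicated verbatim in both entries. The two entries also carry an identical package list (rails, rails-3.2 and rails-4.0 all marked <unfixed>) with no bug number or NOTE line pointing at the upstream advisory, so nothing in the hunk records which branches each issue actually affects. When the TODO is resolved, set the status per source package for each CVE separately and add a reference, so the <unfixed> entries can be tracked to closure and the <removed> ruby-activerecord-3.2 line stays consistent with rails providing that package again.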