[Secure-testing-commits] r27643 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jul 8 05:14:01 UTC 2014
Author: carnil
Date: 2014-07-08 05:14:01 +0000 (Tue, 08 Jul 2014)
New Revision: 27643
Modified:
data/CVE/list
Log:
CVE-2014-3540 was rejected, CVE-2014-0114 to be used also for commons-beanutils?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-08 05:11:40 UTC (rev 27642)
+++ data/CVE/list 2014-07-08 05:14:01 UTC (rev 27643)
@@ -2584,9 +2584,7 @@
CVE-2014-3541
RESERVED
CVE-2014-3540 [Class loader vulnerability in DefaultResolver]
- RESERVED
- - commons-beanutils 1.9.2-1
- NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
+ REJECTED
CVE-2014-3539
RESERVED
CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read ...)
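Review bot: the CVE-2014-3540 entry is cut down to a bare REJECTED line, so anyone looking up that id no longer finds the BEANUTILS-463 reference or the commons-beanutils 1.9.2-1 fix. Consider keeping a NOTE under REJECTED that says the issue is now tracked under CVE-2014-0114, once that mapping is confirmed; the log message itself still poses it as a question.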
@@ -12192,6 +12190,9 @@
{DSA-2940-1}
- libstruts1.2-java 1.2.9-9 (bug #745897)
NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
+ - commons-beanutils 1.9.2-1
+ NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
+ TODO: double check if the CVE reject -> merge to CVE is now correct
CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
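Review bot: the added TODO says the reject-to-merge mapping is still unverified, yet the `- commons-beanutils 1.9.2-1` line two lines above it already records the package as fixed under this entry. Suggest adding a NOTE that cites the source for the rejection of CVE-2014-3540 so the TODO can be resolved, and confirming that 1.9.2-1 is the correct fixed version for this CVE rather than a value carried over from the rejected entry.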