[Secure-testing-commits] r27806 - data/CVE

Luciano Bello luciano at moszumanska.debian.org
Fri Jul 18 10:38:56 UTC 2014


Author: luciano
Date: 2014-07-18 10:38:56 +0000 (Fri, 18 Jul 2014)
New Revision: 27806

Modified:
   data/CVE/list
Log:
Ruby gems issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-18 08:58:21 UTC (rev 27805)
+++ data/CVE/list	2014-07-18 10:38:56 UTC (rev 27806)
@@ -1,33 +1,33 @@
-CVE-2014-5004
-	TODO: check
-CVE-2014-5003
-	TODO: check
-CVE-2014-5002
-	TODO: check
-CVE-2014-5001
-	TODO: check
-CVE-2014-5000
-	TODO: check
-CVE-2014-4999
-	TODO: check
-CVE-2014-4998
-	TODO: check
-CVE-2014-4997
-	TODO: check
-CVE-2014-4996
-	TODO: check
-CVE-2014-4995
-	TODO: check
-CVE-2014-4994
-	TODO: check
-CVE-2014-4993
-	TODO: check
-CVE-2014-4992
+CVE-2014-5004 [Ruby Gem brbackup-0.1.1: exposes the database password to the command line]
+	NOT-FOR-US: Ruby Gem brbackup
+CVE-2014-5003 [Ruby Gem ciborg-3.0.0: race condition when creating /tmp/perlbrew-installer]
+	NOT-FOR-US: Ruby Gem ciborg
+CVE-2014-5002 [Ruby Gem lynx-0.2.0: expose the password to the process table]
+	NOT-FOR-US: Ruby Gem lynx
+CVE-2014-5001 [Ruby Gem kcapifony-2.1.6: expose the password to the process table]
+	NOT-FOR-US: Ruby Gem kcapifony
+CVE-2014-5000 [Ruby Gem lawn-login-0.0.7: exposes the mysql password to the process table]
+	NOT-FOR-US: Ruby Gem lawn-login
+CVE-2014-4999 [Ruby Gem kajam-1.0.3.rc2: exposes the mysql password to the process table]
+	NOT-FOR-US: Ruby Gem kajam
+CVE-2014-4998 [Ruby Gem lean-ruport-0.3.8: exposes the mysql password to the process table]
+	NOT-FOR-US: Ruby Gem lean-ruport
+CVE-2014-4997 [Ruby Gem point-cli-0.0.1: exposes the username and password combination to the process table]
+	NOT-FOR-US: Ruby Gem point-cli
+CVE-2014-4996 [Ruby Gem VladTheEnterprising-0.2: clobber files via symlink attack]
+	NOT-FOR-US: Ruby Gem VladTheEnterprising
+CVE-2014-4995 [Ruby Gem VladTheEnterprising-0.2: Information Leakage]
+	NOT-FOR-US: Ruby Gem VladTheEnterprising
+CVE-2014-4994 [Ruby Gem gyazo-1.0.0: Insecure Temporary File]
+	NOT-FOR-US: Ruby Gem gyazo
+CVE-2014-4993 [Ruby Gems backup-agoddard and backup_checksum: expose the password to the process table]
+	NOT-FOR-US: Ruby Gems backup-agoddard and backup_checksum
+CVE-2014-4992 [Ruby Gem cap-strap-0.1.5: expose the password to the process table]
 	RESERVED
-	TODO: check
-CVE-2014-4991
+	NOT-FOR-US: Ruby Gem cap-strap
+CVE-2014-4991 [Ruby Gem codders-dataset-1.3.2.1: expose the password to the process table]
 	RESERVED
-	TODO: check
+	NOT-FOR-US: Ruby Gem codders-dataset
 CVE-2014-4990
 	RESERVED
 CVE-2014-4989
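
Review bot: the bracketed descriptions added for CVE-2014-5004 through CVE-2014-4991 are worded inconsistently, which makes the list harder to search. "exposes" (5004, 5000, 4999, 4998, 4997) alternates with "expose" (5002, 5001, 4993, 4992, 4991), and CVE-2014-5004 says "to the command line" where the other password entries say "to the process table". Suggest one phrasing throughout, for example "exposes the password to the process table". The entries for CVE-2014-4995 ("Information Leakage") and CVE-2014-4994 ("Insecure Temporary File") are also less specific than their neighbours: they do not say what is leaked or which file is affected, whereas the CVE-2014-5003 entry names the path. A short detail in the same style would make the NOT-FOR-US triage easier to audit later.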



