[Secure-testing-commits] r27818 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jul 18 18:54:29 UTC 2014
Author: carnil
Date: 2014-07-18 18:54:29 +0000 (Fri, 18 Jul 2014)
New Revision: 27818
Modified:
data/CVE/list
Log:
CVE-2014-5009/libphp-snoopy added
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-18 18:53:01 UTC (rev 27817)
+++ data/CVE/list 2014-07-18 18:54:29 UTC (rev 27818)
@@ -1,5 +1,9 @@
CVE-2014-XXXX [basic http authentication bypass]
- bozohttpd <unfixed> (bug #755197)
+CVE-2014-5009 [Incorrect fix for CVE-2014-5008]
+ - libphp-snoopy <not-affected> (Incorrect fix not applied)
+ NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
+ NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
- libphp-snoopy <unfixed>
NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
More information about the Secure-testing-commits
mailing list