[Secure-testing-commits] r27828 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-07-19 10:10:43 +0000 (Sat, 19 Jul 2014)
New Revision: 27828

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
ipython no-dsa
mark rails 2.3 as eol
take transmission


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-19 10:08:28 UTC (rev 27827)
+++ data/CVE/list	2014-07-19 10:10:43 UTC (rev 27828)
@@ -3457,20 +3457,20 @@
 	- musl <unfixed> (bug #750815)
 CVE-2014-3483 (SQL injection vulnerability in ...)
 	- ruby-activerecord-2.3 <removed>
+	[wheezy] - ruby-activerecord-2.3 <end-of-life>
 	- ruby-activerecord-3.2 <removed>
 	- rails <unfixed>
 	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
 	- rails-3.2 3.2.19-1
 	- rails-4.0 <unfixed>
-	TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
 CVE-2014-3482 (SQL injection vulnerability in ...)
 	- ruby-activerecord-2.3 <removed>
+	[wheezy] - ruby-activerecord-2.3 <end-of-life>
 	- ruby-activerecord-3.2 <removed>
 	- rails <unfixed>
 	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
 	- rails-3.2 3.2.19-1
 	- rails-4.0 <unfixed>
-	TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
 CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...)
@@ -3725,7 +3725,8 @@
 	NOT-FOR-US: Symantec PGP Desktop
 CVE-2014-3429 [Cross domain websocket hijacking]
 	RESERVED
-	- ipython 1.2.0~rc1-1
+	- ipython 1.2.0~rc1-1 (low)
+	[wheezy] - ipython <no-dsa> (Minor issue)
 	[squeeze] - ipython <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ipython/ipython/pull/4845
 CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...)
@@ -13070,6 +13071,7 @@
 	- rails-3.2 3.2.17-1
 	- ruby-actionpack-3.2 <removed>
 	- ruby-actionpack-2.3 <removed>
+	[wheezy] - ruby-actionpack-2.3 <end-of-life>
 	- rails 2.3.14.1
 	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
@@ -13079,6 +13081,7 @@
 	- rails-3.2 3.2.17-1
 	- ruby-actionpack-3.2 <removed>
 	- ruby-actionpack-2.3 <removed>
+	[wheezy] - ruby-actionpack-2.3 <end-of-life>
 	- rails 2.3.14.1
 	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
@@ -14744,6 +14747,7 @@
 	- rails-3.2 3.2.16-3+0
 	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
 	- ruby-actionpack-2.3 <removed> (bug #731289)
+	[wheezy] - ruby-actionpack-2.3 <end-of-life>
 	- rails <not-affected> (vulnerable code not present)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-07-19 10:08:28 UTC (rev 27827)
+++ data/dsa-needed.txt	2014-07-19 10:10:43 UTC (rev 27828)
@@ -52,10 +52,7 @@
 --
 qemu-kvm (jmm)
 --
-ruby-actionpack-2.3 (jmm)
-   will be EOLed
+transmission (jmm)
 --
-transmission
---
 xen
 --