[Secure-testing-commits] r27828 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Jul 19 10:10:44 UTC 2014
Author: jmm
Date: 2014-07-19 10:10:43 +0000 (Sat, 19 Jul 2014)
New Revision: 27828
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
ipython no-dsa
mark rails 2.3 as eol
take transmission
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-19 10:08:28 UTC (rev 27827)
+++ data/CVE/list 2014-07-19 10:10:43 UTC (rev 27828)
@@ -3457,20 +3457,20 @@
- musl <unfixed> (bug #750815)
CVE-2014-3483 (SQL injection vulnerability in ...)
- ruby-activerecord-2.3 <removed>
+ [wheezy] - ruby-activerecord-2.3 <end-of-life>
- ruby-activerecord-3.2 <removed>
- rails <unfixed>
[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
- rails-3.2 3.2.19-1
- rails-4.0 <unfixed>
- TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
CVE-2014-3482 (SQL injection vulnerability in ...)
- ruby-activerecord-2.3 <removed>
+ [wheezy] - ruby-activerecord-2.3 <end-of-life>
- ruby-activerecord-3.2 <removed>
- rails <unfixed>
[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
- rails-3.2 3.2.19-1
- rails-4.0 <unfixed>
- TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...)
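Review bot: the two "TODO: check, additionally rails is now again a sourcepackage ..." lines under CVE-2014-3483 and CVE-2014-3482 are dropped in this hunk (the 20/20 line count in the header only works out if they are removals), but the log only says "mark rails 2.3 as eol". The entries the TODO referred to are unchanged: "- rails <unfixed>" and "- ruby-activerecord-3.2 <removed>" are still listed for both CVEs. If the check was done, record its outcome in a NOTE: line or update those entries; if it was not, keep the TODO.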
@@ -3725,7 +3725,8 @@
NOT-FOR-US: Symantec PGP Desktop
CVE-2014-3429 [Cross domain websocket hijacking]
RESERVED
- - ipython 1.2.0~rc1-1
+ - ipython 1.2.0~rc1-1 (low)
+ [wheezy] - ipython <no-dsa> (Minor issue)
[squeeze] - ipython <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ipython/ipython/pull/4845
CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...)
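Review bot: the reason on the new "[wheezy] - ipython <no-dsa> (Minor issue)" line does not say why a cross domain websocket hijacking is minor for wheezy, and the entry is still RESERVED, so there is no description to fall back on. Suggest a short concrete reason in the parentheses, in the style of the squeeze line's "(Vulnerable code not present)", so that whoever revisits this for a point release can judge it without re-reading the upstream pull request in the NOTE.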
@@ -13070,6 +13071,7 @@
- rails-3.2 3.2.17-1
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
+ [wheezy] - ruby-actionpack-2.3 <end-of-life>
- rails 2.3.14.1
[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
NOTE: Starting with 2.3.14.1 rails is a transition package
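Review bot: the added "[wheezy] - ruby-actionpack-2.3 <end-of-life>" line carries no explanation, while the squeeze line two below it reads "[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)". Suggest giving the wheezy line a parenthetical reason in the same style. The same applies to the identical additions in the next hunk and in the -14744 hunk, and to the ruby-activerecord-2.3 lines in the first hunk.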
@@ -13079,6 +13081,7 @@
- rails-3.2 3.2.17-1
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
+ [wheezy] - ruby-actionpack-2.3 <end-of-life>
- rails 2.3.14.1
[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
NOTE: Starting with 2.3.14.1 rails is a transition package
@@ -14744,6 +14747,7 @@
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
- ruby-actionpack-2.3 <removed> (bug #731289)
+ [wheezy] - ruby-actionpack-2.3 <end-of-life>
- rails <not-affected> (vulnerable code not present)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-07-19 10:08:28 UTC (rev 27827)
+++ data/dsa-needed.txt 2014-07-19 10:10:43 UTC (rev 27828)
@@ -52,10 +52,7 @@
--
qemu-kvm (jmm)
--
-ruby-actionpack-2.3 (jmm)
- will be EOLed
+transmission (jmm)
--
-transmission
---
xen
--
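Review bot: removing "ruby-actionpack-2.3 (jmm)" takes the package off the to-do list on the strength of the per-CVE tags, and this commit tags only the entries shown in the data/CVE/list hunks. Worth confirming that no other open ruby-actionpack-2.3 entry is left without a "[wheezy] ... <end-of-life>" line, since it would then still show as open for wheezy with nobody assigned. The removed note also said "will be EOLed" in the future tense; a pointer to where the end of support is announced would help readers of the tracker.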