[Secure-testing-commits] r27927 - data/CVE
Stefan Fritsch
sf at moszumanska.debian.org
Wed Jul 23 21:46:26 UTC 2014
Author: sf
Date: 2014-07-23 21:46:26 +0000 (Wed, 23 Jul 2014)
New Revision: 27927
Modified:
data/CVE/list
Log:
CVE-2013-4352 does not affect squeeze/wheezy
It only affects 2.4.[56]. Since 2.4.5 was never released, the security info on
the apache web page is actually correct.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-23 21:14:13 UTC (rev 27926)
+++ data/CVE/list 2014-07-23 21:46:26 UTC (rev 27927)
@@ -20287,8 +20287,8 @@
[squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e)
CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c in the ...)
- apache2 2.4.7-1 (low)
- NOTE: According to http://httpd.apache.org/security/vulnerabilities_24.html this should only affect
- NOTE: 2.4.6, but that seems wrong, since 2.4.6 was a single-change regression update
+ [wheezy] - apache2 <not-affected> (Only affects 2.4.[56])
+ [squeeze] - apache2 <not-affected> (Only affects 2.4.[56])
CVE-2013-4351 (GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all ...)
{DSA-2774-1 DSA-2773-1}
- gnupg 1.4.15-1 (low; bug #722722)
More information about the Secure-testing-commits
mailing list