[Secure-testing-commits] r27157 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jun 5 11:18:12 UTC 2014
Author: jmm
Date: 2014-06-05 11:18:12 +0000 (Thu, 05 Jun 2014)
New Revision: 27157
Modified:
data/CVE/list
Log:
ruby confirmed windows-specific
remove horde-ldap entry, additional hardening for broken LDAP servers, not a security issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-05 09:14:11 UTC (rev 27156)
+++ data/CVE/list 2014-06-05 11:18:12 UTC (rev 27157)
@@ -62,8 +62,6 @@
TODO: check
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote ...)
TODO: check
-CVE-2014-XXXX [Stricter parameter check in bind() to detect empty passwords]
- - php-horde-ldap 2.0.6-1
CVE-2014-3969 [XSA-98]
- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3970 [pulseaudio: crash due to empty UDP packet]
@@ -105,7 +103,7 @@
- ruby2.0 <unfixed> (unimportant)
- ruby1.9.1 <unfixed> (unimportant)
- ruby1.8 <unfixed> (unimportant)
- TODO: double check, vulnerable code present but only affects x64-mingw32
+ NOTE: Only exploitable on Windows
CVE-2014-3915
RESERVED
CVE-2014-3914
More information about the Secure-testing-commits
mailing list