[Secure-testing-commits] r27200 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2014-06-10 20:32:01 +0000 (Tue, 10 Jun 2014)
New Revision: 27200

Modified:
   data/CVE/list
Log:
Add three CVEs from puppet advisories

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-06-10 20:14:49 UTC (rev 27199)
+++ data/CVE/list	2014-06-10 20:32:01 UTC (rev 27200)
@@ -1621,10 +1621,21 @@
 	RESERVED
 CVE-2014-3250
 	RESERVED
+	- puppet <unfixed>
+	NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250
+	TODO: check
 CVE-2014-3249
 	RESERVED
+	NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
+	TODO: check, puppet enterprise only?
 CVE-2014-3248
 	RESERVED
+	- puppet <unfixed>
+	- ruby-hiera <unfixed>
+	- facter <unfixed>
+	- mcollective <unfixed>
+	NOTE: http://puppetlabs.com/security/cve/cve-2014-3248
+	TODO: check affected package list from advisory
 CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows ...)
 	- collabtive <unfixed> (bug #748828)
 	[wheezy] - collabtive <no-dsa> (Minor issue)