[Secure-testing-commits] r26156 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Mar 18 06:07:54 UTC 2014


Author: jmm
Date: 2014-03-18 06:07:54 +0000 (Tue, 18 Mar 2014)
New Revision: 26156

Modified:
   data/CVE/list
Log:
new apache issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-18 05:45:46 UTC (rev 26155)
+++ data/CVE/list	2014-03-18 06:07:54 UTC (rev 26156)
@@ -6236,8 +6236,9 @@
 	NOTE: http://patchwork.ozlabs.org/patch/325844/
 CVE-2014-0099
 	RESERVED
-CVE-2014-0098
+CVE-2014-0098 [Segfaults with truncated cookie logging]
 	RESERVED
+	- apache2 <unfixed>
 CVE-2014-0097
 	RESERVED
 	- libspring-java <not-affected> (ActiveDirectoryLdapAuthenticator not yet present, introduced in 3.1)
@@ -7819,8 +7820,9 @@
 	NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
 CVE-2013-6439 (Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a ...)
 	NOT-FOR-US: Candlepin
-CVE-2013-6438
+CVE-2013-6438 [mod_dav: Keep track of length of cdata properly when removing leading spaces]
 	RESERVED
+	- apache2 <unfixed> 
 CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ...)
 	- nova 2013.2.2
 CVE-2013-6436 (The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...)




More information about the Secure-testing-commits mailing list