[Secure-testing-commits] r26167 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Mar 18 18:56:24 UTC 2014
Author: carnil
Date: 2014-03-18 18:56:24 +0000 (Tue, 18 Mar 2014)
New Revision: 26167
Modified:
data/CVE/list
Log:
Update CVE-2014-0133/nginx
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-18 18:14:10 UTC (rev 26166)
+++ data/CVE/list 2014-03-18 18:56:24 UTC (rev 26167)
@@ -6147,7 +6147,10 @@
CVE-2014-0133 [nginx: SPDY heap buffer overflow]
RESERVED
- nginx <unfixed> (bug #742059)
- [wheezy] - nginx <no-dsa> (Vulnerable code not present)
+ [wheezy] - nginx <not-affected> (Vulnerable code not present)
+ [squeeze] - nginx <not-affected> (Vulnerable code not present)
+ NOTE: ngx_http_spdy_module introduced in 1.3.15
+ NOTE: Debian compiles with --with-http_spdy_module
CVE-2014-0132 [flaw in parsing authzid can lead to privilege escalation]
RESERVED
- 389-ds-base <unfixed> (bug #741600)
More information about the Secure-testing-commits
mailing list