[Secure-testing-commits] r26193 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Mar 20 12:30:30 UTC 2014
Author: jmm
Date: 2014-03-20 12:30:30 +0000 (Thu, 20 Mar 2014)
New Revision: 26193
Modified:
data/CVE/list
Log:
rack-ssl, kdirstat no-dsa
remove claws non issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-20 09:14:11 UTC (rev 26192)
+++ data/CVE/list 2014-03-20 12:30:30 UTC (rev 26193)
@@ -2,16 +2,18 @@
- php-sabredav 1.7.11+dfsg-1
NOTE: https://github.com/fruux/sabre-dav/releases/tag/1.7.11
CVE-2014-2538 [XSS in error page]
- - ruby-rack-ssl <unfixed>
+ - ruby-rack-ssl <unfixed> (low)
+ [wheezy] - ruby-rack-ssl <no-dsa> (Minor issue)
NOTE: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
CVE-2014-2528 [Apostrophes not properly escaped]
- k4dirstat 2.7.5-1 (bug #741659)
+ [wheezy] - k4dirstat <no-dsa> (Minor issue)
- kdirstat <removed>
- TODO: check squeeze
+ [squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-2527 [double quotes not proberly escaped]
- k4dirstat <not-affected> (Uses single quotes for affected code)
- - kdirstat <removed>
- TODO: check squeeze
+ - kdirstat <removed> (low)
+ [squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-XXXX [MSA-14-0004: Incorrect filtering in Quiz]
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
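Review bot: The kdirstat urgency is annotated inconsistently between the two sibling entries: under CVE-2014-2527 the line becomes "- kdirstat <removed> (low)", while under CVE-2014-2528 the "- kdirstat <removed>" line is left without "(low)", although both now carry the same "[squeeze] - kdirstat <no-dsa> (Minor issue)" line. Either add "(low)" to the CVE-2014-2528 entry as well or drop it from CVE-2014-2527, so the two escaping issues are triaged identically. The "TODO: check squeeze" markers are also replaced directly by a no-dsa decision with no NOTE recording that the squeeze version was confirmed to contain the affected code. A one-line NOTE would let a later reader distinguish "checked and minor" from "assumed". Separately, the unchanged description line for CVE-2014-2527 still reads "proberly" and could be corrected while this block is being edited.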
@@ -396,10 +398,6 @@
NOT-FOR-US: DotNetNuke
CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
TODO: check
-CVE-2014-XXXX [claws-mail vcalendar plugin stores user/password in cleartext]
- - claws-mail <unfixed> (unimportant)
- NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
- NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12338
CVE-2014-2387 [pen: insecure temporary filename]
RESERVED
- pen <unfixed> (low; bug #741370)
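Review bot: Deleting the claws-mail vcalendar entry outright discards both NOTE references (the upstream bugzilla report and the oss-security thread), and the log message "remove claws non issue" gives no reason for the reclassification. The entry was already tagged "<unfixed> (unimportant)", which keeps it out of the actionable lists. Consider keeping it in that state with an added NOTE explaining why cleartext storage of the user and password is considered a non-issue here, so the report is not re-added later when someone encounters the same upstream bug. If removal is the intended convention for entries without an assigned CVE id, say so in the commit log.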