[Secure-testing-commits] r26351 - data/CVE

Stefan Fritsch sf at moszumanska.debian.org
Sun Mar 30 10:18:09 UTC 2014


Author: sf
Date: 2014-03-30 10:18:09 +0000 (Sun, 30 Mar 2014)
New Revision: 26351

Modified:
   data/CVE/list
Log:
one apache2 issue probably not affected, one no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-30 09:26:21 UTC (rev 26350)
+++ data/CVE/list	2014-03-30 10:18:09 UTC (rev 26351)
@@ -6785,6 +6785,7 @@
 	RESERVED
 CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config ...)
 	- apache2 2.4.9-1
+	NOTE: Looks like it was introduced in 2.2.23 which would mean that squeeze+wheezy are not affected. sf: waiting for confirmation.
 CVE-2014-0097
 	RESERVED
 	- libspring-java <not-affected> (ActiveDirectoryLdapAuthenticator not yet present, introduced in 3.1)
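Review bot: The added NOTE under CVE-2014-0098 records "introduced in 2.2.23" with no pointer to the upstream change or report that supports it, so whoever confirms it later has nothing to check against. Add the reference to the NOTE. Once confirmation arrives, replace the free-text conclusion with explicit per-release entries in the form the libspring-java line in this hunk already uses (`<not-affected>` plus a reason), for both squeeze and wheezy. Until then the only status line is `- apache2 2.4.9-1`, so the tracker still has no per-release state for this CVE.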
@@ -8397,6 +8398,8 @@
 	NOT-FOR-US: Candlepin
 CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...)
 	- apache2 2.4.9-1
+	[squeeze] - apache2 <no-dsa> (will be fixed in point release unless CVE-2014-0098 needs a DSA)
+	[wheezy] - apache2 <no-dsa> (will be fixed in point release unless CVE-2014-0098 needs a DSA)
 CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ...)
 	- nova 2013.2.2
 	[wheezy] - nova <not-affected> (Vulnerable code not present)
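Review bot: Both new `<no-dsa>` lines for CVE-2013-6438 give a reason that depends on the outcome of CVE-2014-0098, which the NOTE added earlier in this same commit marks as still waiting for confirmation. Nothing ties the two entries together apart from this free text, so the reason goes stale as soon as CVE-2014-0098 is resolved either way. Consider stating the reason for CVE-2013-6438 on its own terms (why it does not warrant a DSA by itself), and keep the dependency as a separate NOTE line that can be removed when CVE-2014-0098 is settled.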



