[Secure-testing-commits] r26825 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon May 5 05:50:34 UTC 2014
Author: jmm
Date: 2014-05-05 05:50:34 +0000 (Mon, 05 May 2014)
New Revision: 26825
Modified:
data/CVE/list
Log:
ldns, sks no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-05 04:50:01 UTC (rev 26824)
+++ data/CVE/list 2014-05-05 05:50:34 UTC (rev 26825)
@@ -1,5 +1,7 @@
CVE-2014-3209 [ldnsutils: ldns-keygen creates private key world readable]
- - ldns <unfixed> (bug #746758)
+ - ldns <unfixed> (low; bug #746758)
+ [squeeze] - ldns <no-dsa> (Minor issue)
+ [wheezy] - ldns <no-dsa> (Minor issue)
CVE-2014-XXXX [HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL]
- liblwp-protocol-https-perl <unfixed> (bug #746579)
[wheezy] - liblwp-protocol-https-perl <not-affected> (Introduced by bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04)
@@ -9,7 +11,9 @@
NOTE: http://lxml.de/3.3/changes-3.3.5.html
NOTE: http://seclists.org/fulldisclosure/2014/Apr/210
CVE-2014-3207 [non-persistent XSS]
- - sks <unfixed> (bug #746626)
+ - sks <unfixed> (low; bug #746626)
+ [squeeze] - sks <no-dsa> (Minor issue)
+ [wheezy] - sks <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077
CVE-2014-3137 [JSON content-type not restrictive enough]
More information about the Secure-testing-commits
mailing list