[Secure-testing-commits] r26905 - data/CVE

Raphael Geissert atomo64-guest at moszumanska.debian.org
Tue May 13 08:16:39 UTC 2014 

Author: atomo64-guest
Date: 2014-05-13 08:16:39 +0000 (Tue, 13 May 2014)
New Revision: 26905

Modified:
   data/CVE/list
Log:
foreman itp


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-13 05:14:52 UTC (rev 26904)
+++ data/CVE/list	2014-05-13 08:16:39 UTC (rev 26905)
@@ -27736,7 +27736,7 @@
 	- libarchive 3.0.4-3 (bug #703957)
 	[squeeze] - libarchive <not-affected> (Vulnerable code not present)
 CVE-2013-0210 (The smart proxy Puppet run API in Foreman before 1.2.0 allows remote ...)
-	TODO: check
+	- foreman <itp> (bug #663101)
 CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x ...)
 	{DSA-2611-1}
 	- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
@@ -27866,15 +27866,15 @@
 	- ruby-multi-xml <not-affected> (Vulnerable version never in the archive)
 	NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2
 CVE-2013-0174 (The external node classifier (ENC) API in Foreman before 1.1 allows ...)
-	TODO: check
+	- foreman <itp> (bug #663101)
 CVE-2013-0173 (Foreman before 1.1 uses a salt of "foreman" to hash root passwords, ...)
-	TODO: check
+	- foreman <itp> (bug #663101)
 CVE-2013-0172 (Samba 4.0.x before 4.0.1, in certain Active Directory ...)
 	- samba4 4.0.0~beta2+dfsg1-3.1 (high; bug #699188)
 	- samba <not-affected> (Only affects Active Directory functionality)
 	NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
 CVE-2013-0171 (Foreman before 1.1 allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	- foreman <itp> (bug #663101)
 CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in ...)
 	- libvirt 0.9.12-6 (bug #699224)
 	[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
@@ -30579,7 +30579,7 @@
 CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-5477 (The smart proxy in Foreman before 1.1 uses a umask set to 0, which ...)
-	TODO: check
+	- foreman <itp> (bug #663101)
 CVE-2012-5476
 	RESERVED
 	- horizon <not-affected> (File is installed with 0700 perms in Debian)

More information about the Secure-testing-commits mailing list