[Secure-testing-commits] r30101 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Nov 17 20:03:22 UTC 2014


Author: carnil
Date: 2014-11-17 20:03:22 +0000 (Mon, 17 Nov 2014)
New Revision: 30101

Modified:
   data/CVE/list
Log:
Add CVE-2014-7829, left TODO as not verified versions

NOTE for reviewers: please double check affected source packages.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-17 18:54:34 UTC (rev 30100)
+++ data/CVE/list	2014-11-17 20:03:22 UTC (rev 30101)
@@ -2255,8 +2255,13 @@
 	- moodle <unfixed>
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
-CVE-2014-7829
+CVE-2014-7829 [Arbitrary file existence disclosure in Action Pack]
 	RESERVED
+	- rails <unfixed>
+	- rails-3.2 <unfixed>
+	- ruby-actionpack-3.2 <removed>
+	- ruby-actionpack-2.3 <removed>
+	TODO: check
 CVE-2014-7828 [password not required when OTP in use]
 	RESERVED
 	- freeipa 4.0.5-1 (bug #768294)




More information about the Secure-testing-commits mailing list