[Secure-testing-commits] r30101 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Nov 17 20:03:22 UTC 2014
Author: carnil
Date: 2014-11-17 20:03:22 +0000 (Mon, 17 Nov 2014)
New Revision: 30101
Modified:
data/CVE/list
Log:
Add CVE-2014-7829, left TODO as not verified versions
NOTE for reviewers: please double check affected source packages.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-17 18:54:34 UTC (rev 30100)
+++ data/CVE/list 2014-11-17 20:03:22 UTC (rev 30101)
@@ -2255,8 +2255,13 @@
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
-CVE-2014-7829
+CVE-2014-7829 [Arbitrary file existence disclosure in Action Pack]
RESERVED
+ - rails <unfixed>
+ - rails-3.2 <unfixed>
+ - ruby-actionpack-3.2 <removed>
+ - ruby-actionpack-2.3 <removed>
+ TODO: check
CVE-2014-7828 [password not required when OTP in use]
RESERVED
- freeipa 4.0.5-1 (bug #768294)
More information about the Secure-testing-commits
mailing list