[Secure-testing-commits] r30182 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2014-11-20 07:51:55 +0000 (Thu, 20 Nov 2014)
New Revision: 30182

Modified:
   data/CVE/list
Log:
Add CVE-2014-7850/freeipa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-20 07:13:12 UTC (rev 30181)
+++ data/CVE/list	2014-11-20 07:51:55 UTC (rev 30182)
@@ -3256,8 +3256,11 @@
 	RESERVED
 CVE-2014-7851
 	RESERVED
-CVE-2014-7850
+CVE-2014-7850 [XSS flaw can be used to escalate privileges]
 	RESERVED
+	- freeipa <unfixed>
+	NOTE: https://fedorahosted.org/freeipa/ticket/4742
+	TODO: check (possibly unimportant severity if we don't include WebUI part and only have vulnerable code)
 CVE-2014-7849
 	RESERVED
 CVE-2014-7848 [Hardware path disclosed in the error message]