[Secure-testing-commits] r30301 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Nov 25 10:47:04 UTC 2014
Author: jmm
Date: 2014-11-25 10:47:04 +0000 (Tue, 25 Nov 2014)
New Revision: 30301
Modified:
data/CVE/list
Log:
rails update, filed bug for ruby
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-25 10:20:55 UTC (rev 30300)
+++ data/CVE/list 2014-11-25 10:47:04 UTC (rev 30301)
@@ -2854,11 +2854,9 @@
- ruby1.8 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby1.9.1 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby2.0 <not-affected> (Incomplete fix never relesed for 1.9)
- - ruby2.1 <unfixed>
- NOTE: As it is for the incomplete fix for CVE-2014-8090 might only apply to ruby2.1
- NOTE: which already had an update.
+ - ruby2.1 <unfixed> (bug #770932)
+ NOTE: For the incomplete fix for CVE-2014-8080
NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
- TODO: check, see CVE-2014-8080
CVE-2014-8087
RESERVED
CVE-2014-8085
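Review bot: the added NOTE "For the incomplete fix for CVE-2014-8080" drops the explanation the removed NOTE lines gave for why ruby2.1 alone stays open, so the entry no longer says why ruby2.1 differs from the other ruby packages. The three unchanged not-affected lines above it also share one reason string, "Incomplete fix never relesed for 1.9", even on the ruby1.8 and ruby2.0 lines. Since this entry is being touched anyway, consider fixing the "relesed" typo, wording the reason per package, and keeping one NOTE line stating why ruby2.1 is the affected one. Dropping the TODO is reasonable now that bug #770932 tracks it.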
@@ -3519,11 +3517,12 @@
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
CVE-2014-7829 (Directory traversal vulnerability in ...)
- - rails <unfixed>
- - rails-3.2 <unfixed>
+ - rails <unfixed> (bug #770934)
+ [squeeze] - rails <not-affected> (Only affects >= 3)
+ - rails-3.2 <removed>
- ruby-actionpack-3.2 <removed>
- - ruby-actionpack-2.3 <removed>
- TODO: check
+ [wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
+ - ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is ...)
- freeipa 4.0.5-1 (bug #768294)
NOTE: https://fedorahosted.org/freeipa/ticket/4690
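Review bot: in the CVE-2014-7829 entry, the line "[wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)" gives no reason why a directory traversal is rated minor. The same change removes "TODO: check", so the rationale behind the triage is not recorded anywhere in the entry. Suggest adding a NOTE line with the condition that limits exposure, or a link to the upstream advisory, so the no-dsa decision can be re-checked later. The unversioned "- rails <unfixed> (bug #770934)" line sits next to "- rails-3.2 <removed>"; a short NOTE saying which source package now carries the affected code would make the pair easier to read.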
@@ -3562,11 +3561,12 @@
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
- ruby-sprockets 2.12.3-1
CVE-2014-7818 (Directory traversal vulnerability in ...)
- - rails <unfixed>
- - rails-3.2 <unfixed>
+ - rails <unfixed> (bug #770934)
+ [squeeze] - rails <not-affected> (Only affects >= 3)
+ - rails-3.2 <removed>
- ruby-actionpack-3.2 <removed>
- - ruby-actionpack-2.3 <removed>
- TODO: check
+ [wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
+ - ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7817 [command execution in wordexp() with WRDE_NOCMD specified]
RESERVED
- glibc <unfixed>
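Review bot: the CVE-2014-7818 block repeats the CVE-2014-7829 edit line for line, including "(Only affects >= 3)" on both the "[squeeze] - rails" and "ruby-actionpack-2.3" lines. Please confirm the version boundary was checked for this CVE on its own rather than carried over. The entry also has no NOTE with an upstream reference, while the neighbouring freeipa and moodle entries do; adding one would let the not-affected and no-dsa claims be verified.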