[Secure-testing-commits] r30454 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 30 05:52:20 UTC 2014
Author: carnil
Date: 2014-11-30 05:52:17 +0000 (Sun, 30 Nov 2014)
New Revision: 30454
Modified:
data/CVE/list
Log:
Add two new temporary items for mantis with awaiting CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-30 05:38:50 UTC (rev 30453)
+++ data/CVE/list 2014-11-30 05:52:17 UTC (rev 30454)
@@ -1,3 +1,14 @@
+CVE-2014-XXXX [PHP Object Injection in MantisBT filter API]
+ - mantis <removed>
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2
+ NOTE: http://www.mantisbt.org/bugs/view.php?id=17875
+CVE-2014-XXXX [DB credentials disclosure in MantisBT's unattended upgrade script]
+ - mantis <removed> (unimportant)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: http://github.com/mantisbt/mantisbt/commit/0826cef8
+ NOTE: http://www.mantisbt.org/bugs/view.php?id=17877
+ NOTE: unimportant, source affected but unrelevant for Debian, upgrade_unattended.php removed also in binary package
CVE-2014-XXXX [nvi: insecure use of /var/tmp in postinst]
- nvi <unfixed> (bug #771375)
CVE-2014-9140 [buffer overflow in the PPP dissector]
More information about the Secure-testing-commits
mailing list