[Secure-testing-commits] r29272 - data/CVE
Holger Levsen
holger at moszumanska.debian.org
Sun Oct 5 11:09:24 UTC 2014
Author: holger
Date: 2014-10-05 11:09:24 +0000 (Sun, 05 Oct 2014)
New Revision: 29272
Modified:
data/CVE/list
Log:
mark CVE-2013-0348/thttpd minor issue, it's about obtaining sensitive
info via reading the logfile
from #debian-lts, yesterday:
[09:55] < thijs_> I've added it to the tracker; but would mark it no-dla
if I was in the squeeze-lts project
[10:19] < h01ger> | formally there is no no-dla yet
[10:19] < h01ger> | but i also agree it should be no-dsa yet
[10:19] < h01ger> | or EOLed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-05 09:14:14 UTC (rev 29271)
+++ data/CVE/list 2014-10-05 11:09:24 UTC (rev 29272)
@@ -38427,7 +38427,7 @@
- linux-2.6 <removed>
CVE-2013-0348 (thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use ...)
- thttpd <removed> (low)
- [squeeze] - thttpd <unfixed>
+ [squeeze] - thttpd <no-dsa> (Minor issue)
NOTE: http://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/
CVE-2013-0347 [webfs world-readable logdir]
RESERVED
More information about the Secure-testing-commits
mailing list