[Secure-testing-commits] r29334 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Oct 9 12:09:41 UTC 2014
Author: jmm
Date: 2014-10-09 12:09:41 +0000 (Thu, 09 Oct 2014)
New Revision: 29334
Modified:
data/CVE/list
Log:
axis no-dsa
mojarra n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-09 12:08:47 UTC (rev 29333)
+++ data/CVE/list 2014-10-09 12:09:41 UTC (rev 29334)
@@ -9773,6 +9773,8 @@
NOTE: incomplete fix for CVE-2014-4049
CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ...)
- axis 1.4-21 (low; bug #762444)
+ [wheezy] - axis <no-dsa> (Minor issue)
+ [squeeze] - axis <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
CVE-2014-3595 (Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, ...)
NOT-FOR-US: Red Hat Satellite
@@ -49242,7 +49244,7 @@
[squeeze] - libgc 1:6.8-2
CVE-2012-2672 (Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext ...)
- mojarra 2.2.8-1 (bug #677194)
- NOTE: Only affected in combination with EAP6/AS7 application servers
+ [wheezy] - mojarra <not-affected> (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
CVE-2012-2671 (The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other ...)
NOTE: https://github.com/rtomayko/rack-cache/blob/master/CHANGES
- ruby-rack-cache 1.2-1
More information about the Secure-testing-commits
mailing list