[Secure-testing-commits] r29357 - data/CVE
Sebastien Delafond
seb at moszumanska.debian.org
Fri Oct 10 09:21:55 UTC 2014
Author: seb
Date: 2014-10-10 09:21:55 +0000 (Fri, 10 Oct 2014)
New Revision: 29357
Modified:
data/CVE/list
Log:
Record that CVE-2013-7285 was introduced in 1.4.5 and not 1.4.6
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-10 09:14:12 UTC (rev 29356)
+++ data/CVE/list 2014-10-10 09:21:55 UTC (rev 29357)
@@ -17593,8 +17593,8 @@
CVE-2013-7285 [remote code execution via deserialization in XStream]
RESERVED
- libxstream-java 1.4.7-1 (bug #734821)
- [wheezy] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.6)
- [squeeze] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.6)
+ [wheezy] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
+ [squeeze] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
More information about the Secure-testing-commits
mailing list