[Secure-testing-commits] r29512 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Oct 18 18:29:28 UTC 2014


Author: jmm
Date: 2014-10-18 18:29:28 +0000 (Sat, 18 Oct 2014)
New Revision: 29512

Modified:
   data/CVE/list
Log:
cgit fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-18 17:30:14 UTC (rev 29511)
+++ data/CVE/list	2014-10-18 18:29:28 UTC (rev 29512)
@@ -34060,8 +34060,7 @@
 	{DSA-2694-1}
 	- spip 2.1.22-1 (bug #709674)
 CVE-2013-2117 (Directory traversal vulnerability in the cgit_parse_readme function in ...)
-	- cgit <unfixed>
-	TODO: check
+	- cgit <not-affected> (Fixed before the initial upload into the archive)
 CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in ...)
 	{DSA-2697-1}
 	- gnutls26 2.12.23-5 (bug #709301)
@@ -45480,8 +45479,7 @@
 CVE-2012-4549 (The processInvocation function in ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
 CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit ...)
-	- cgit <unfixed>
-	TODO: check
+	- cgit <not-affected> (Fixed before the initial upload into the archive)
 CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has ...)
 	- awstats <not-affected>
 	NOTE: awredir.pl is not installed into the binary package
@@ -45706,8 +45704,7 @@
 	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
 	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
 CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
-	- cgit <unfixed>
-	TODO: check
+	- cgit <not-affected> (Fixed before the initial upload into the archive)
 CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
 	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
 	[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)




More information about the Secure-testing-commits mailing list