[Secure-testing-commits] r29699 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Oct 28 08:06:22 UTC 2014


Author: carnil
Date: 2014-10-28 08:06:22 +0000 (Tue, 28 Oct 2014)
New Revision: 29699

Modified:
   data/CVE/list
Log:
Add CVE-2014-8080/ruby, not checked at all

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-28 08:00:58 UTC (rev 29698)
+++ data/CVE/list	2014-10-28 08:06:22 UTC (rev 29699)
@@ -916,8 +916,15 @@
 	RESERVED
 CVE-2014-8081
 	RESERVED
-CVE-2014-8080
+CVE-2014-8080 [Denial Of Service XML Expansion]
 	RESERVED
+        - ruby1.8 <removed>
+        - ruby1.9.1 <removed>
+        - ruby2.0 <removed>
+        - ruby2.1 <unfixed>
+	NOTE: https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
+	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/?pathrev=48161
+	TODO: check (and if complete set of ruby versions)
 CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
 	NOT-FOR-US: Drupal theme MAYO
 CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)




More information about the Secure-testing-commits mailing list