[Secure-testing-commits] r29699 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Oct 28 08:06:22 UTC 2014
Author: carnil
Date: 2014-10-28 08:06:22 +0000 (Tue, 28 Oct 2014)
New Revision: 29699
Modified:
data/CVE/list
Log:
Add CVE-2014-8080/ruby, not checked at all
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-28 08:00:58 UTC (rev 29698)
+++ data/CVE/list 2014-10-28 08:06:22 UTC (rev 29699)
@@ -916,8 +916,15 @@
RESERVED
CVE-2014-8081
RESERVED
-CVE-2014-8080
+CVE-2014-8080 [Denial Of Service XML Expansion]
RESERVED
+ - ruby1.8 <removed>
+ - ruby1.9.1 <removed>
+ - ruby2.0 <removed>
+ - ruby2.1 <unfixed>
+ NOTE: https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
+ NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/?pathrev=48161
+ TODO: check (and if complete set of ruby versions)
CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
NOT-FOR-US: Drupal theme MAYO
CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
More information about the Secure-testing-commits
mailing list