[Secure-testing-commits] r28832 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 16 17:34:12 UTC 2014
Author: carnil
Date: 2014-09-16 17:34:12 +0000 (Tue, 16 Sep 2014)
New Revision: 28832
Modified:
data/CVE/list
Log:
Update apt issues descriptions and unstable version for CVE-2014-0490
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-16 17:24:22 UTC (rev 28831)
+++ data/CVE/list 2014-09-16 17:34:12 UTC (rev 28832)
@@ -14598,17 +14598,18 @@
NOT-FOR-US: Flash plugin
CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Flash plugin
-CVE-2014-0490
+CVE-2014-0490 [incorrect apt-get download validation]
RESERVED
- - apt 1.0.9
+ - apt 0.9.12
+ NOTE: fixed with commit http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=d57f6084aaa3972073114973d149ea2291b36682
[squeeze] - apt <not-affected> (apt download command and vulnerable code not present)
-CVE-2014-0489
+CVE-2014-0489 [incorrect verification of Acquire::Gzip indexes]
RESERVED
- apt 1.0.9
-CVE-2014-0488
+CVE-2014-0488 [incorrect invalidating of unauthenticated data]
RESERVED
- apt 1.0.9
-CVE-2014-0487
+CVE-2014-0487 [incorrect verification of 304 reply]
RESERVED
- apt 1.0.9
CVE-2014-0486 [remote crash with crafted DNS message]
More information about the Secure-testing-commits
mailing list