[Secure-testing-commits] r28914 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Sep 19 17:33:50 UTC 2014


Author: carnil
Date: 2014-09-19 17:33:50 +0000 (Fri, 19 Sep 2014)
New Revision: 28914

Modified:
   data/CVE/list
Log:
Clarify description for CVE-2014-6274

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-19 17:31:57 UTC (rev 28913)
+++ data/CVE/list	2014-09-19 17:33:50 UTC (rev 28914)
@@ -748,10 +748,11 @@
 	RESERVED
 CVE-2014-6275
 	RESERVED
-CVE-2014-6274 [creds embedded in the git repo were not encrypted]
+CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not encrypted]
 	RESERVED
 	- git-annex 5.20140919
 	[wheezy] - git-annex <not-affected> (Vulnerable code introduced in 3.20121126)
+	NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
 CVE-2014-6273
 	RESERVED
 CVE-2014-6272




More information about the Secure-testing-commits mailing list