[Secure-testing-commits] r28998 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Sep 24 13:14:45 UTC 2014
Author: hertzog
Date: 2014-09-24 13:14:45 +0000 (Wed, 24 Sep 2014)
New Revision: 28998
Modified:
data/CVE/list
Log:
Add details for CVE-2014-3558/libhibernate-validator-java
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-24 13:13:01 UTC (rev 28997)
+++ data/CVE/list 2014-09-24 13:14:45 UTC (rev 28998)
@@ -8226,7 +8226,11 @@
NOT-FOR-US: ovirt-engine-backend
CVE-2014-3558
RESERVED
- - libhibernate-validator-java <unfixed> (low)
+ - libhibernate-validator-java <unfixed> (low; bug #762690)
+ NOTE: RedHat upgraded to new upstream versions in their security
+ NOTE: updates. No patches are available for the 4.0.x branch we
+ NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2.
+ NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912
CVE-2014-3557
RESERVED
CVE-2014-3556 [SMTP STARTTLS plaintext injection flaw]
More information about the Secure-testing-commits
mailing list