[Secure-testing-commits] r29094 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Sep 27 06:17:20 UTC 2014
Author: carnil
Date: 2014-09-27 06:17:20 +0000 (Sat, 27 Sep 2014)
New Revision: 29094
Modified:
data/CVE/list
Log:
Add notes for CVE-2013-4311/libvirt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-26 21:14:12 UTC (rev 29093)
+++ data/CVE/list 2014-09-27 06:17:20 UTC (rev 29094)
@@ -25620,6 +25620,9 @@
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
- libvirt 1.1.3~rc1-1 (unimportant)
NOTE: polkit support not activated in Debian build, will be fixed in point update
+ NOTE: for wheezy: sourcewise support for 3-arg pkcheck syntax in libvirt is included
+ NOTE: since 0.9.12.3-1 in wyeezy-security. But we need to wait for the pu in #726558
+ NOTE: for policykit-1/0.105-3+deb7u1 and have are build of libvirt then.
CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
More information about the Secure-testing-commits
mailing list