[Secure-testing-commits] r29160 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 30 07:15:50 UTC 2014
Author: carnil
Date: 2014-09-30 07:15:50 +0000 (Tue, 30 Sep 2014)
New Revision: 29160
Modified:
data/CVE/list
Log:
CVE-2013-4311: source is fixed, but polkit support is not yet activated in Debian build
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-30 07:04:03 UTC (rev 29159)
+++ data/CVE/list 2014-09-30 07:15:50 UTC (rev 29160)
@@ -25742,11 +25742,12 @@
CVE-2013-4312
RESERVED
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
- - libvirt 1.1.3~rc1-1 (unimportant)
+ - libvirt <unfixed> (unimportant)
NOTE: polkit support not activated in Debian build, will be fixed in point update
NOTE: for wheezy: sourcewise support for 3-arg pkcheck syntax in libvirt is included
- NOTE: since 0.9.12.3-1 in wyeezy-security. But we need to wait for the pu in #726558
- NOTE: for policykit-1/0.105-3+deb7u1 and have are build of libvirt then.
+ NOTE: since 0.9.12.3-1 in wyeezy-security (and 1.1.3~rc1-1 in unstable). But we need
+ NOTE: to wait for the pu in #726558 for policykit-1/0.105-3+deb7u1 and have a rebuild
+ NOTE: of libvirt then.
CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
More information about the Secure-testing-commits
mailing list