[Secure-testing-commits] r33308 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Apr 1 04:30:29 UTC 2015


Author: carnil
Date: 2015-04-01 04:30:29 +0000 (Wed, 01 Apr 2015)
New Revision: 33308

Modified:
   data/CVE/list
Log:
Add three new subversion issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-01 04:26:48 UTC (rev 33307)
+++ data/CVE/list	2015-04-01 04:30:29 UTC (rev 33308)
@@ -9115,8 +9115,10 @@
 	{DSA-3199-1 DLA-181-1}
 	- xerces-c 3.1.1-5.1 (bug #780827)
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870
-CVE-2015-0251
+CVE-2015-0251 [(mod_dav_svn) spoofing svn:author property values for new revisions]
 	RESERVED
+	- subversion 1.8.10-6
+	NOTE: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
 CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ...)
 	{DSA-3205-1 DLA-182-1}
 	- batik 1.7+dfsg-5 (bug #780897)
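Review bot: The new CVE-2015-0251 package line carries no bug reference, unlike the xerces-c and batik entries around it in this hunk, which have (bug #780827) and (bug #780897). If a Debian bug was filed for the subversion upload, append it to the "- subversion 1.8.10-6" line so the fixed version can be traced back to the report. The advisory NOTE alone does not tie the tracker entry to the BTS.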
@@ -9127,8 +9129,10 @@
 CVE-2015-0249
 	RESERVED
 	NOT-FOR-US: Apache Roller
-CVE-2015-0248
+CVE-2015-0248 [(mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers]
 	RESERVED
+	- subversion 1.8.10-6
+	NOTE: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
 CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library in ...)
 	{DSA-3166-1 DLA-153-1}
 	- e2fsprogs 1.42.12-1
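Review bot: The bracketed description on the CVE-2015-0248 line is hard to parse because of the stacked "with certain requests with dynamically evaluated revision numbers" clauses. A wording such as [(mod_dav_svn) remote denial of service via requests with dynamically evaluated revision numbers] keeps the same meaning and reads in line with the shorter descriptions used for the other two subversion entries in this commit.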
@@ -9332,8 +9336,10 @@
 	RESERVED
 	- qpid-cpp <unfixed> (bug #775359)
 	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
-CVE-2015-0202
+CVE-2015-0202 [(mod_dav_svn) remote denial of service with certain REPORT requests]
 	RESERVED
+	- subversion 1.8.10-6
+	NOTE: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
 CVE-2015-0201 (The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 ...)
 	- libspring-java <not-affected> (Only affects Spring Framework 4.1.0 to 4.1.4)
 CVE-2015-0200
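Review bot: The CVE-2015-0202 entry records only the unprefixed "- subversion 1.8.10-6" line and gives no status for released suites, whereas the qpid-cpp entry just above it in this hunk carries a "[wheezy] - qpid-cpp <no-dsa> (Minor issue)" line. The CVE-2015-0251 and CVE-2015-0248 entries added in the earlier hunks have the same gap. Once each suite is triaged, add a per-release line in that style (a fixed version, or a tag such as <not-affected> or <no-dsa> with the reason) so readers can tell whether the stable packages are exposed to the REPORT-request denial of service.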



