[Secure-testing-commits] r33491 - data/CVE
David Prévot
taffit at moszumanska.debian.org
Fri Apr 10 17:01:47 UTC 2015
Author: taffit
Date: 2015-04-10 17:01:47 +0000 (Fri, 10 Apr 2015)
New Revision: 33491
Modified:
data/CVE/list
Log:
Mark CVE-2015-1786/zendframework as not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-10 16:18:15 UTC (rev 33490)
+++ data/CVE/list 2015-04-10 17:01:47 UTC (rev 33491)
@@ -3221,10 +3221,10 @@
RESERVED
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...)
- openssl <not-affected> (Only affects 1.0.2, only in experimental)
-CVE-2015-1786
+CVE-2015-1786 [Invalid CSRF validation of null or incorrectly formatted token identifiers]
RESERVED
- - zendframework <undetermined>
- TODO: check, according to RH only in 2.3 series
+ - zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
+ NOTE: http://framework.zend.com/security/advisory/ZF2015-03
CVE-2015-1785
RESERVED
CVE-2015-1784
More information about the Secure-testing-commits
mailing list