[Secure-testing-commits] r35931 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Aug 8 05:17:47 UTC 2015
Author: carnil
Date: 2015-08-08 05:17:47 +0000 (Sat, 08 Aug 2015)
New Revision: 35931
Modified:
data/CVE/list
Log:
Mark fixed version for two subversion issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-08 05:15:18 UTC (rev 35930)
+++ data/CVE/list 2015-08-08 05:17:47 UTC (rev 35931)
@@ -6845,7 +6845,7 @@
NOT-FOR-US: Apache Storm
CVE-2015-3187 [svn_repos_trace_node_locations() reveals paths hidden by authz]
RESERVED
- - subversion <unfixed>
+ - subversion 1.9.0-1
NOTE: https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
TODO: check older versions not mentioned in advisory
CVE-2015-3186
@@ -6861,7 +6861,7 @@
NOTE: Behavior changed in 2.4.x refactoring, API no longer usable in 2.4.x
CVE-2015-3184 [Mixed anonymous/authenticated path-based authz with httpd 2.4]
RESERVED
- - subversion <unfixed>
+ - subversion 1.9.0-1
[wheezy] - subversion <not-affected> (1.6 does not build with apache 2.4)
NOTE: https://subversion.apache.org/security/CVE-2015-3184-advisory.txt
NOTE: subversion needs to be built with a fixed apache version
More information about the Secure-testing-commits
mailing list