[Secure-testing-commits] r38597 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Tue Dec 29 21:31:56 UTC 2015
Author: anarcat
Date: 2015-12-29 21:31:55 +0000 (Tue, 29 Dec 2015)
New Revision: 38597
Modified:
data/CVE/list
Log:
Summary: update status of 2012 redmine issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-29 21:10:12 UTC (rev 38596)
+++ data/CVE/list 2015-12-29 21:31:55 UTC (rev 38597)
@@ -85042,6 +85042,8 @@
CVE-2012-2054 (Redmine before 1.3.2 does not properly restrict the use of a hash to ...)
- redmine 1.3.2+dfsg1-1
[squeeze] - redmine <no-dsa> (Minor issue)
+ NOTE: http://www.redmine.org/issues/10390
+ NOTE: git mirror patch would be 5141f1e..177ff05
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass ...)
NOT-FOR-US: F5 Firepass
CVE-2012-2052 (Stack-based buffer overflow in the U3D.8BI library plugin in Adobe ...)
@@ -89357,8 +89359,9 @@
NOT-FOR-US: Janetter
CVE-2012-0327 (Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 ...)
- redmine 1.3.2+dfsg1-1
- [squeeze] - redmine <no-dsa> (Minor issue)
+ [squeeze] - redmine <no-dsa> (Minor issue, patch impossible to find)
NOTE: http://jvn.jp/en/jp/JVN93406632/
+ NOTE: patch unclear: difficult to find the patch in 1.3.2 release
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not ...)
NOT-FOR-US: twicca application for Android
CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
More information about the Secure-testing-commits
mailing list