[Secure-testing-commits] r32025 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Feb 6 15:11:46 UTC 2015
Author: hertzog
Date: 2015-02-06 15:11:45 +0000 (Fri, 06 Feb 2015)
New Revision: 32025
Modified:
data/CVE/list
Log:
Mark CVE-2014-9649, CVE-2014-9650 and CVE-2015-0862 as not affecting rabbitmq-server/squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-06 14:58:35 UTC (rev 32024)
+++ data/CVE/list 2015-02-06 15:11:45 UTC (rev 32025)
@@ -853,11 +853,13 @@
CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in ...)
- rabbitmq-server 3.4.1-1
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
+ [squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ ...)
- rabbitmq-server 3.4.1-1
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
+ [squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
@@ -1990,6 +1992,7 @@
RESERVED
CVE-2015-0862 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
- rabbitmq-server <unfixed>
+ [squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
TODO: check
CVE-2015-0861
RESERVED
More information about the Secure-testing-commits
mailing list