[Secure-testing-commits] r31110 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jan 4 00:05:51 UTC 2015
Author: jmm
Date: 2015-01-04 00:05:51 +0000 (Sun, 04 Jan 2015)
New Revision: 31110
Modified:
data/CVE/list
Log:
rabbitmq CVEfied
libhtp no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-03 22:54:31 UTC (rev 31109)
+++ data/CVE/list 2015-01-04 00:05:51 UTC (rev 31110)
@@ -12,6 +12,8 @@
NOT-FOR-US: Serendipity
CVE-2014-XXXX [denial of service with specific packets]
- libhtp <unfixed>
+ [wheezy] - libhtp <no-dsa> (Minor issue)
+ [squeeze] - libhtp <no-dsa> (Minor issue)
NOTE: https://redmine.openinfosecfoundation.org/issues/1272
NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
CVE-2014-XXXX [miniunzip directory traversal]
@@ -629,7 +631,7 @@
NOTE: Report: http://mx.gw.com/pipermail/file/2014/001654.html
NOTE: Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
NOTE: Introduced by: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 (5.16)
-CVE-2014-XXXX [insufficient 'X-Forwarded-For' header validation]
+CVE-2014-9494 [insufficient 'X-Forwarded-For' header validation]
- rabbitmq-server 3.4.1-1 (bug #773134)
[jessie] - rabbitmq-server 3.3.5-1.1
[wheezy] - rabbitmq-server <not-affected> (does not have this access control mechanism)
More information about the Secure-testing-commits
mailing list