[Secure-testing-commits] r31110 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Jan 4 00:05:51 UTC 2015


Author: jmm
Date: 2015-01-04 00:05:51 +0000 (Sun, 04 Jan 2015)
New Revision: 31110

Modified:
   data/CVE/list
Log:
rabbitmq CVEfied
libhtp no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-03 22:54:31 UTC (rev 31109)
+++ data/CVE/list	2015-01-04 00:05:51 UTC (rev 31110)
@@ -12,6 +12,8 @@
 	NOT-FOR-US: Serendipity
 CVE-2014-XXXX [denial of service with specific packets]
 	- libhtp <unfixed>
+	[wheezy] - libhtp <no-dsa> (Minor issue)
+	[squeeze] - libhtp <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/1272
 	NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
 CVE-2014-XXXX [miniunzip directory traversal]
@@ -629,7 +631,7 @@
 	NOTE: Report: http://mx.gw.com/pipermail/file/2014/001654.html
 	NOTE: Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
 	NOTE: Introduced by: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 (5.16)
-CVE-2014-XXXX [insufficient 'X-Forwarded-For' header validation]
+CVE-2014-9494 [insufficient 'X-Forwarded-For' header validation]
 	- rabbitmq-server 3.4.1-1 (bug #773134)
 	[jessie] - rabbitmq-server 3.3.5-1.1
 	[wheezy] - rabbitmq-server <not-affected> (does not have this access control mechanism)




More information about the Secure-testing-commits mailing list