[Secure-testing-commits] r31182 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Jan 7 16:02:09 UTC 2015


Author: carnil
Date: 2015-01-07 16:02:08 +0000 (Wed, 07 Jan 2015)
New Revision: 31182

Modified:
   data/CVE/list
Log:
Add CVE-2014-3628/lucene-solr

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-07 15:16:25 UTC (rev 31181)
+++ data/CVE/list	2015-01-07 16:02:08 UTC (rev 31182)
@@ -15617,8 +15617,10 @@
 	- qpid-cpp <unfixed> (low; bug #772794)
 	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
 	NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
-CVE-2014-3628
+CVE-2014-3628 [Cross-site scripting (XSS) vulnerability via the fieldvaluecache object]
 	RESERVED
+	- lucene-solr <unfixed>
+	TODO: check, search for more details
 CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 ...)
 	NOT-FOR-US: Apache Hadoop
 CVE-2014-3626




More information about the Secure-testing-commits mailing list