[Secure-testing-commits] r31594 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 22 15:21:35 UTC 2015
Author: carnil
Date: 2015-01-22 15:21:35 +0000 (Thu, 22 Jan 2015)
New Revision: 31594
Modified:
data/CVE/list
Log:
Two CVEs assigned for jenkins
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-22 09:46:55 UTC (rev 31593)
+++ data/CVE/list 2015-01-22 15:21:35 UTC (rev 31594)
@@ -453,9 +453,10 @@
CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
- lhasa 0.2.0-1
[wheezy] - lhasa <no-dsa> (Minor issue)
-CVE-2014-XXXX [jenkins-tomcat: Secure and HttpOnly flags are not set for cookies with Jenkins on Tomcat]
+CVE-2014-9635 [HttpOnly flag not set]
- jenkins 1.565.3-3 (bug #769682)
- NOTE: CVE request: http://www.openwall.com/lists/oss-security/2015/01/14/1
+CVE-2014-9634 [Secure flag not set]
+ - jenkins 1.565.3-3 (bug #769682)
CVE-2015-1164 [Open Redirect]
- node-serve-static <unfixed> (bug #775843)
NOTE: https://nodesecurity.io/advisories/serve-static-open-redirect
More information about the Secure-testing-commits
mailing list