[Secure-testing-commits] r31744 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 27 16:38:11 UTC 2015
Author: carnil
Date: 2015-01-27 16:38:11 +0000 (Tue, 27 Jan 2015)
New Revision: 31744
Modified:
data/CVE/list
Log:
Two CVEs assigned for rabbitmq-server
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-27 16:32:39 UTC (rev 31743)
+++ data/CVE/list 2015-01-27 16:38:11 UTC (rev 31744)
@@ -417,11 +417,11 @@
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2009
NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
-CVE-2014-XXXX [Bug 26437 - prevent /api/* from returning text/html error messages which could act as an XSS vector]
+CVE-2014-9649 [Bug 26437 - prevent /api/* from returning text/html error messages which could act as an XSS vector]
- rabbitmq-server 3.4.1-1
NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/13
-CVE-2014-XXXX [Bug 26433 - fix response-splitting vulnerability in /api/downloads]
+CVE-2014-9650 [Bug 26433 - fix response-splitting vulnerability in /api/downloads]
- rabbitmq-server 3.4.1-1
NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
More information about the Secure-testing-commits
mailing list