[Secure-testing-commits] r35372 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jul 7 21:21:21 UTC 2015
Author: jmm
Date: 2015-07-07 21:21:21 +0000 (Tue, 07 Jul 2015)
New Revision: 35372
Modified:
data/CVE/list
Log:
openssh no-dsa
rails 2.3 EOLed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-07 21:10:17 UTC (rev 35371)
+++ data/CVE/list 2015-07-07 21:21:21 UTC (rev 35372)
@@ -639,6 +639,8 @@
CVE-2015-5352 [refusal deadline is not checked within the x11_open_helper function]
RESERVED
- openssh <unfixed> (bug #790798)
+ [jessie] - openssh <no-dsa> (Minor issue)
+ [wheezy] - openssh <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
CVE-2015-5147 [Stack overflow in redcarpet's header_anchor]
@@ -5368,7 +5370,7 @@
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
- ruby-activesupport-3.2 <removed>
- ruby-activesupport-2.3 <removed>
- TODO: check if complete
+ [wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
CVE-2015-3226 [XSS Vulnerability in ActiveSupport::JSON.encode]
RESERVED
- rails <unfixed> (bug #790486)
@@ -5376,7 +5378,7 @@
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
- ruby-activesupport-3.2 <removed>
- ruby-activesupport-2.3 <removed>
- TODO: check if complete
+ [wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
CVE-2015-3225 [Denial of Service]
RESERVED
{DLA-254-1}
More information about the Secure-testing-commits
mailing list