[Secure-testing-commits] r35452 - in data: . CVE
Ben Hutchings
benh at moszumanska.debian.org
Tue Jul 14 03:39:37 UTC 2015
Author: benh
Date: 2015-07-14 03:39:35 +0000 (Tue, 14 Jul 2015)
New Revision: 35452
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze-lts
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-13 20:11:05 UTC (rev 35451)
+++ data/CVE/list 2015-07-14 03:39:35 UTC (rev 35452)
@@ -5457,18 +5457,22 @@
CVE-2015-3275 [Javascript injection in SCORM module]
RESERVED
- moodle <unfixed> (bug #792242)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
CVE-2015-3274 [Possible XSS through custom text profile fields in Web Services]
RESERVED
- moodle <unfixed> (bug #792242)
+ [squeeze] - moodle <not-affected> (Only similar function looks like the fixed version)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
CVE-2015-3273 [Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum]
RESERVED
- moodle <not-affected> (Affects only 2.9)
+ [squeeze] - moodle <not-affected> (Affects only 2.9)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220
CVE-2015-3272 [Possible phishing when redirecting to external site using referer header]
RESERVED
- moodle <unfixed> (bug #792242)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
CVE-2015-3271
RESERVED
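Review bot: the justification on the added CVE-2015-3274 line, "(Only similar function looks like the fixed version)", is hard to parse and does not say what was compared, which matters because it marks squeeze as <not-affected> for an XSS issue. Name the function or file that was inspected in squeeze's moodle and say plainly why it is not vulnerable, so the decision can be rechecked later. The added [squeeze] line under CVE-2015-3273 repeats the package-level "<not-affected> (Affects only 2.9)" entry directly above it and looks redundant.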
@@ -8157,11 +8161,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
- quassel 1:0.10.0-2.3 (bug #781024)
+ [squeeze] - quassel <unfixed>
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
TODO: check affected versions
CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when ...)
- quassel 1:0.10.0-2.3 (bug #781024)
+ [squeeze] - quassel <unfixed>
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
TODO: check affected versions
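Review bot: both entries gain "[squeeze] - quassel <unfixed>" while the unchanged "TODO: check affected versions" line stays under each of them, so it is unclear whether the squeeze version was actually confirmed to contain the vulnerable code. If it was checked, remove or update the TODO or add a NOTE naming what was verified; if it was not, the TODO should say that squeeze still needs checking before a DLA is prepared.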
@@ -23776,8 +23782,12 @@
CVE-2014-6438
RESERVED
- ruby1.9.1 1.9.3.0-1
+ [squeeze] - ruby1.9.1 <unfixed>
+ [squeeze] - ruby1.8 <not-affected> (Vulnerable code not present)
NOTE: https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
NOTE: https://github.com/ruby/www.ruby-lang.org/issues/817
+ NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb
+ NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943
CVE-2014-6437
RESERVED
CVE-2014-6436
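Review bot: the two added ruby/ruby commit NOTE lines under CVE-2014-6438 carry no annotation, so a reader cannot tell from the entry what each commit is (the fix, a follow-up, or a change for a different branch), and the CVE is still RESERVED with no description to fall back on. A short label after each URL would help whoever backports to ruby1.9.1 in squeeze. The ruby1.8 reason "(Vulnerable code not present)" would also be easier to recheck if it named the function or file that was examined.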
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-07-13 20:11:05 UTC (rev 35451)
+++ data/dla-needed.txt 2015-07-14 03:39:35 UTC (rev 35452)
@@ -65,6 +65,10 @@
--
wesnoth-1.8
--
+ruby1.9.1 (Ben Hutchings)
+--
+quassel
+--
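Review bot: the two new entries are appended after wesnoth-1.8 with ruby1.9.1 ahead of quassel, so they are out of alphabetical order relative to each other and to the preceding entry; if this file is meant to stay sorted, move them to their sorted positions. The unclaimed quassel entry could also carry a one-line note that the "TODO: check affected versions" items in data/CVE/list are still open, so whoever picks it up knows to verify the squeeze version first.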