[Secure-testing-commits] r34843 - data/CVE
Paul Wise
pabs at moszumanska.debian.org
Wed Jun 10 12:20:23 UTC 2015
Author: pabs
Date: 2015-06-10 12:20:23 +0000 (Wed, 10 Jun 2015)
New Revision: 34843
Modified:
data/CVE/list
Log:
Add some more info to the BREACH attack CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-10 09:14:26 UTC (rev 34842)
+++ data/CVE/list 2015-06-10 12:20:23 UTC (rev 34843)
@@ -47151,7 +47151,11 @@
CVE-2013-3587 [BREACH attack against HTTP compression]
RESERVED
NOTE: not something we can concretely fix somewhere
+ NOTE: mitigations must be done in webapps
+ NOTE: http://breachattack.com/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=995168
+ NOTE: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
+ NOTE: https://www.mail-archive.com/dev@httpd.apache.org/msg57592.html
CVE-2013-3586 (Samsung Web Viewer for Samsung DVR devices allows remote attackers to ...)
NOT-FOR-US: Samsung DVR devices
CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in ...)
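Review bot: The added line "NOTE: mitigations must be done in webapps" names no actual mitigation, so the entry only becomes useful if the three linked pages stay reachable. Consider adding a short NOTE that summarises which mitigations those references recommend, so the tracker entry stands on its own. The wording "must be done in webapps" also sits oddly next to the added dev@httpd.apache.org link, which is a web server development thread. If that thread covers server-side options, say which layer each reference applies to. The three new links are also split around the existing bugzilla.redhat.com line. Grouping them after it would keep the upstream references together and make the diff easier to read.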