[Secure-testing-commits] r32878 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Mar 15 06:01:49 UTC 2015
Author: carnil
Date: 2015-03-15 06:01:49 +0000 (Sun, 15 Mar 2015)
New Revision: 32878
Modified:
data/CVE/list
Log:
Add CVE-2015-2296/requests
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-15 05:53:50 UTC (rev 32877)
+++ data/CVE/list 2015-03-15 06:01:49 UTC (rev 32878)
@@ -1,6 +1,10 @@
CVE-2015-2298 [information leak]
- etherpad-lite <itp> (bug #576998)
NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
+CVE-2015-2296 [session fixation and cookie stealing]
+ - requests <unfixed>
+ [wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
+ NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
CVE-2015-2289
NOT-FOR-US: Serendipity
CVE-2015-2287
More information about the Secure-testing-commits
mailing list