[Secure-testing-commits] r32918 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Mar 16 15:49:52 UTC 2015
Author: carnil
Date: 2015-03-16 15:49:52 +0000 (Mon, 16 Mar 2015)
New Revision: 32918
Modified:
data/CVE/list
Log:
Mark freeipa issue as unimportant
NOTE for reviewers: Vulnerable code patched by the upstream commit
af9fd4dfe2c18e52127480c959c35ad37b566095 seems present, but not in the
resulting binary packages. Please double-check.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-16 15:31:32 UTC (rev 32917)
+++ data/CVE/list 2015-03-16 15:49:52 UTC (rev 32918)
@@ -11463,9 +11463,9 @@
RESERVED
NOT-FOR-US: ovirt-engine-webadmin
CVE-2014-7850 (Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...)
- - freeipa <unfixed>
+ - freeipa <unfixed> (unimportant)
NOTE: https://fedorahosted.org/freeipa/ticket/4742
- TODO: check (possibly unimportant severity if we don't include WebUI part and only have vulnerable code)
+ NOTE: Upstream commit: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=af9fd4dfe2c18e52127480c959c35ad37b566095
CVE-2014-7849 (The Role Based Access Control (RBAC) implementation in JBoss ...)
NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...)
More information about the Secure-testing-commits
mailing list