[Secure-testing-commits] r40072 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Feb 29 20:42:17 UTC 2016
Author: carnil
Date: 2016-02-29 20:42:16 +0000 (Mon, 29 Feb 2016)
New Revision: 40072
Modified:
data/CVE/list
Log:
Add CVE-2016-2098/rails, needs check
Note for reviewers: This is only added as additional template. Verifying
the affected versions and source packages needs to be done properly.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-29 20:21:26 UTC (rev 40071)
+++ data/CVE/list 2016-02-29 20:42:16 UTC (rev 40072)
@@ -1620,8 +1620,17 @@
RESERVED
CVE-2016-2099
RESERVED
-CVE-2016-2098
+CVE-2016-2098 [Possible remote code execution vulnerability in Action Pack]
RESERVED
+ - rails <unfixed>
+ [wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
+ [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
+ - ruby-actionpack-3.2 <removed>
+ - ruby-actionpack-2.3 <removed>
+ [wheezy] - ruby-actionpack-2.3 <end-of-life>
+ NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
+ NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
+ TODO: check
CVE-2016-2097
RESERVED
CVE-2016-2096
More information about the Secure-testing-commits
mailing list