[Secure-testing-commits] r39167 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jan 25 21:14:41 UTC 2016


Author: carnil
Date: 2016-01-25 21:14:41 +0000 (Mon, 25 Jan 2016)
New Revision: 39167

Modified:
   data/CVE/list
Log:
Add CVE-2015-7576, kept TODO

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-25 21:10:18 UTC (rev 39166)
+++ data/CVE/list	2016-01-25 21:14:41 UTC (rev 39167)
@@ -8456,8 +8456,15 @@
 	RESERVED
 CVE-2015-7577
 	RESERVED
-CVE-2015-7576
+CVE-2015-7576 [Timing attack vulnerability in basic authentication in Action Controller]
 	RESERVED
+	- rails <unfixed>
+	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
+	- ruby-actionpack-3.2 <removed>
+	- ruby-actionpack-2.3 <removed>
+	- ruby-activesupport-3.2 <removed>
+	- ruby-activesupport-2.3 <removed>
+	TODO: check
 CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in ...)
 	{DSA-3437-1 DSA-3436-1}
 	- iceweasel 43.0.2-1




More information about the Secure-testing-commits mailing list