[Secure-testing-commits] r39258 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jan 28 13:34:02 UTC 2016 

Author: carnil
Date: 2016-01-28 13:34:02 +0000 (Thu, 28 Jan 2016)
New Revision: 39258

Modified:
   data/CVE/list
Log:
Some rails issues fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-28 13:30:47 UTC (rev 39257)
+++ data/CVE/list	2016-01-28 13:34:02 UTC (rev 39258)
@@ -3888,7 +3888,7 @@
 	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
 CVE-2016-0753 [Possible Input Validation Circumvention in Active Model]
 	RESERVED
-	- rails <unfixed>
+	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
 	- ruby-activerecord-3.2 <removed>
@@ -3899,7 +3899,7 @@
 	TODO: check
 CVE-2016-0752 [Possible Information Leak Vulnerability in Action View]
 	RESERVED
-	- rails <unfixed>
+	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
 	- ruby-actionpack-3.2 <removed>
@@ -3907,7 +3907,7 @@
 	TODO: check
 CVE-2016-0751 [Possible Object Leak and Denial of Service attack in Action Pack]
 	RESERVED
-	- rails <unfixed>
+	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
 	- ruby-actionpack-3.2 <removed>
@@ -8677,7 +8677,7 @@
 	RESERVED
 CVE-2015-7581 [Object leak vulnerability for wildcard controller routes in Action Pack]
 	RESERVED
-	- rails <unfixed>
+	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
 	- ruby-actionpack-3.2 <removed>
@@ -8694,7 +8694,7 @@
 	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
 CVE-2015-7577 [Nested attributes rejection proc bypass in Active Record]
 	RESERVED
-	- rails <unfixed>
+	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
 	- ruby-activerecord-3.2 <removed>
@@ -8702,7 +8702,7 @@
 	TODO: check
 CVE-2015-7576 [Timing attack vulnerability in basic authentication in Action Controller]
 	RESERVED
-	- rails <unfixed>
+	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
 	- ruby-actionpack-3.2 <removed>

More information about the Secure-testing-commits mailing list