Author: corsac
Date: 2013-10-16 20:13:52 +0000 (Wed, 16 Oct 2013)
New Revision: 24036

Modified:
   data/CVE/list
Log:
add CVEs+bug for pwgen, fix actionmailer CVE (+add bug)


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-10-16 20:03:36 UTC (rev 24035)
+++ data/CVE/list       2013-10-16 20:13:52 UTC (rev 24036)
@@ -3680,14 +3680,18 @@
        RESERVED
 CVE-2013-4444
        RESERVED
-CVE-2013-4443
+CVE-2013-4443 [Secure mode has bias towards numbers and uppercase letters]
        RESERVED
-CVE-2013-4442
+       - pwgen <unfixed> (bug #726578)
+CVE-2013-4442 [Silent fallback to insecure entropy]
        RESERVED
-CVE-2013-4441
+       - pwgen <unfixed> (bug #726578)
+CVE-2013-4441 [Phonemes mode has heavy bias and is enabled by default]
        RESERVED
-CVE-2013-4440
+       - pwgen <unfixed> (bug #726578)
+CVE-2013-4440 [non-tty passwords are trivially weak by default]
        RESERVED
+       - pwgen <unfixed> (bug #726578)
 CVE-2013-4439
        RESERVED
        - salt <unfixed> (bug #726480)
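Review bot: The four added pwgen lines under CVE-2013-4440 through CVE-2013-4443 all point at the same bug #726578 and none carries a NOTE, so the list does not record where each bracketed description comes from or how the four issues will be told apart once a fix is uploaded. Consider adding a NOTE line with the reference for each entry, so that a later "fixed in version X" edit can be checked per CVE rather than against one shared bug.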
@@ -3859,10 +3863,7 @@
        RESERVED
 CVE-2013-4389
        RESERVED
-       - ruby-actionmailer-3.2 <unfixed>
-       - ruby-actionmailer-2.3 <not-affected> (2.3.x not affected)
-       - rails 2.3.14.1
-       NOTE: Starting with 2.3.14.1 rails is a transition package
+       - ruby-actionmailer-3.2 <unfixed> (bug #726576)
 CVE-2013-4388 [buffer overflow in the mp4a packetizer]
        RESERVED
        - vlc <unfixed> (bug #726528)
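Review bot: Under CVE-2013-4389, the removed lines "- ruby-actionmailer-2.3 <not-affected> (2.3.x not affected)" and "- rails 2.3.14.1" with its NOTE are dropped without a replacement, and the log message only says "fix actionmailer CVE". If 2.3.x is still considered not affected, keeping that as a NOTE under the entry would preserve the rationale. If the earlier statement was wrong, the log message should say so, since the remaining line now covers ruby-actionmailer-3.2 only.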


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
