Author: corsac Date: 2013-10-16 20:13:52 +0000 (Wed, 16 Oct 2013) New Revision: 24036
Modified: data/CVE/list Log: add CVEs+bug for pwgen, fix actionmailer CVE (+add bug) Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-10-16 20:03:36 UTC (rev 24035) +++ data/CVE/list 2013-10-16 20:13:52 UTC (rev 24036) @@ -3680,14 +3680,18 @@ RESERVED CVE-2013-4444 RESERVED -CVE-2013-4443 +CVE-2013-4443 [Secure mode has bias towards numbers and uppercase letters] RESERVED -CVE-2013-4442 + - pwgen <unfixed> (bug #726578) +CVE-2013-4442 [Silent fallback to insecure entropy] RESERVED -CVE-2013-4441 + - pwgen <unfixed> (bug #726578) +CVE-2013-4441 [Phonemes mode has heavy bias and is enabled by default] RESERVED -CVE-2013-4440 + - pwgen <unfixed> (bug #726578) +CVE-2013-4440 [non-tty passwords are trivially weak by default] RESERVED + - pwgen <unfixed> (bug #726578) CVE-2013-4439 RESERVED - salt <unfixed> (bug #726480) @@ -3859,10 +3863,7 @@ RESERVED CVE-2013-4389 RESERVED - - ruby-actionmailer-3.2 <unfixed> - - ruby-actionmailer-2.3 <not-affected> (2.3.x not affected) - - rails 2.3.14.1 - NOTE: Starting with 2.3.14.1 rails is a transition package + - ruby-actionmailer-3.2 <unfixed> (bug #726576) CVE-2013-4388 [buffer overflow in the mp4a packetizer] RESERVED - vlc <unfixed> (bug #726528) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits