Author: hertzog
Date: 2014-09-22 12:16:38 +0000 (Mon, 22 Sep 2014)
New Revision: 28953
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2014-3577/axis as unfixed
The bug number referred to CVE-2012-5784 which got patched in Debian
but whose patch was not robust enough. An updated patch is available.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-22 10:11:35 UTC (rev 28952)
+++ data/CVE/list 2014-09-22 12:16:38 UTC (rev 28953)
@@ -6991,9 +6991,8 @@
NOTE: https://bugs.php.net/bug.php?id=67717
NOTE: incomplete fix for CVE-2014-4049
CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not
properly ...)
- - axis 1.4-16.2 (low; bug #692650)
+ - axis <unfixed> (low; bug #762444)
NOTE:
https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
- TODO: double-check
CVE-2014-3595
RESERVED
NOT-FOR-US: Red Hat Satellite
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-09-22 10:11:35 UTC (rev 28952)
+++ data/dla-needed.txt 2014-09-22 12:16:38 UTC (rev 28953)
@@ -11,6 +11,8 @@
--
apt (Michael Vogt, Salvatore Bonaccorso)
--
+axis
+--
commons-beanutils
--
curl (Thorsten Alteholz)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
