Author: hertzog Date: 2014-09-22 12:16:38 +0000 (Mon, 22 Sep 2014) New Revision: 28953
Modified: data/CVE/list data/dla-needed.txt Log: Mark CVE-2014-3577/axis as unfixed The bug number referred to CVE-2012-5784 which got patched in Debian but whose patch was not robust enough. An updated patch is available. Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-09-22 10:11:35 UTC (rev 28952) +++ data/CVE/list 2014-09-22 12:16:38 UTC (rev 28953) @@ -6991,9 +6991,8 @@ NOTE: https://bugs.php.net/bug.php?id=67717 NOTE: incomplete fix for CVE-2014-4049 CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ...) - - axis 1.4-16.2 (low; bug #692650) + - axis <unfixed> (low; bug #762444) NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch - TODO: double-check CVE-2014-3595 RESERVED NOT-FOR-US: Red Hat Satellite Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2014-09-22 10:11:35 UTC (rev 28952) +++ data/dla-needed.txt 2014-09-22 12:16:38 UTC (rev 28953) @@ -11,6 +11,8 @@ -- apt (Michael Vogt, Salvatore Bonaccorso) -- +axis +-- commons-beanutils -- curl (Thorsten Alteholz) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits