[Secure-testing-commits] r28832 - data/CVE

Salvatore Bonaccorso Tue, 16 Sep 2014 10:34:40 -0700

Author: carnil
Date: 2014-09-16 17:34:12 +0000 (Tue, 16 Sep 2014)
New Revision: 28832


Modified:
   data/CVE/list
Log:
Update apt issues descriptions and unstable version for CVE-2014-0490

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-09-16 17:24:22 UTC (rev 28831)
+++ data/CVE/list       2014-09-16 17:34:12 UTC (rev 28832)
@@ -14598,17 +14598,18 @@
        NOT-FOR-US: Flash plugin
 CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x 
before ...)
        NOT-FOR-US: Flash plugin
-CVE-2014-0490
+CVE-2014-0490 [incorrect apt-get download validation]
        RESERVED
-       - apt 1.0.9
+       - apt 0.9.12
+       NOTE: fixed with commit 
http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=d57f6084aaa3972073114973d149ea2291b36682
        [squeeze] - apt <not-affected> (apt download command and vulnerable 
code not present)
-CVE-2014-0489
+CVE-2014-0489 [incorrect verification of Acquire::Gzip indexes]
        RESERVED
        - apt 1.0.9
-CVE-2014-0488
+CVE-2014-0488 [incorrect invalidating of unauthenticated data]
        RESERVED
        - apt 1.0.9
-CVE-2014-0487
+CVE-2014-0487 [incorrect verification of 304 reply]
        RESERVED
        - apt 1.0.9
 CVE-2014-0486 [remote crash with crafted DNS message]


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r28832 - data/CVE

Reply via email to