Author: joeyh
Date: 2014-10-29 21:14:11 +0000 (Wed, 29 Oct 2014)
New Revision: 29731
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-29 21:13:59 UTC (rev 29730)
+++ data/CVE/list 2014-10-29 21:14:11 UTC (rev 29731)
@@ -478,17 +478,21 @@
CVE-2014-8293 (Cross-site scripting (XSS) vulnerability in Voice Of Web
AllMyGuests ...)
NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory
for LDAP ...)
+ {DSA-3059-1 DLA-79-1}
- dokuwiki 0.0.20140929.a-1 (bug #766545)
NOTE: only fixed in Security Hotfix 2014-05-05b
NOTE: Better fixed at the php5 level:
http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for
LDAP ...)
+ {DSA-3059-1 DLA-79-1}
- dokuwiki 0.0.20140929.a-1 (bug #766545)
NOTE: only fixed in Security Hotfix 2014-05-05b
NOTE: Better fixed at the php5 level:
http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a
allows ...)
+ {DSA-3059-1}
- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for
access ...)
+ {DSA-3059-1}
- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required
setting ...)
@@ -11141,7 +11145,7 @@
- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 [libxml2 billion laugh variant]
RESERVED
- {DSA-3057-1}
+ {DSA-3057-1 DLA-80-1}
- libxml2 2.9.2+dfsg1-1 (bug #765722)
NOTE:
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
NOTE:
https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
@@ -11432,7 +11436,7 @@
{DLA-71-1}
- apache2 2.4.10-3
[wheezy] - apache2 <not-affected> (Only affects 2.4)
- NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
+ NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
CVE-2014-3580
RESERVED
CVE-2014-3579
@@ -21392,7 +21396,7 @@
- foreman <itp> (bug #663101)
CVE-2014-0191 [external parameter entity loaded when entity substitution is
disabled]
RESERVED
- {DSA-2978-1 DLA-0016-1}
+ {DSA-2978-1 DLA-80-1 DLA-0016-1}
- libxml2 2.9.1+dfsg1-4 (bug #747309)
[squeeze] - libxml2 2.7.8.dfsg-2+squeeze9
NOTE: patch:
https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
