[Secure-testing-commits] r23725 - data/CVE

Salvatore Bonaccorso Wed, 18 Sep 2013 22:01:37 -0700

Author: carnil
Date: 2013-09-19 04:59:40 +0000 (Thu, 19 Sep 2013)
New Revision: 23725


Modified:
   data/CVE/list
Log:
Add item for CVE-2013-4363/rubygems

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-09-18 21:14:27 UTC (rev 23724)
+++ data/CVE/list       2013-09-19 04:59:40 UTC (rev 23725)
@@ -3071,6 +3071,11 @@
        RESERVED
 CVE-2013-4363
        RESERVED
+       - rubygems <unfixed> (unimportant; bug #722361)
+       [squeeze] - libgems-ruby <removed> (unimportant; bug #722361)
+       NOTE: Non-issue, you trust the site providing the gem with installing 
arbitrary code, allowing
+       NOTE: it a potential elevated CPU consumption doesn't add any extra harm
+       NOTE: CVE for incomplete fix for CVE-2013-4287
 CVE-2013-4362 [Insecure use of system]
        RESERVED
        - davfs2 <unfixed> (bug #723034)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r23725 - data/CVE

Reply via email to