[Secure-testing-commits] r25831 - data/CVE

Salvatore Bonaccorso Fri, 21 Feb 2014 21:50:23 -0800

Author: carnil
Date: 2014-02-22 05:49:20 +0000 (Sat, 22 Feb 2014)
New Revision: 25831


Modified:
   data/CVE/list
Log:
Add new rails-3.2 source package. Packaging was unified into one source package 
again

Note for the tracker: at commit point both rails-3.2 and ruby-*-3.2
still in unstable. Thus left the ruby-*-3.2 <unfixed> items

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-02-21 15:09:10 UTC (rev 25830)
+++ data/CVE/list       2014-02-22 05:49:20 UTC (rev 25831)
@@ -5231,6 +5231,7 @@
        TODO: check
 CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in 
Ruby on ...)
        - rails-4.0 <not-affected> (only 3.2.x and earlier)
+       - rails-3.2 <unfixed>
        - ruby-actionpack-3.2 <unfixed>
        - ruby-actionpack-2.3 <removed>
        - rails 2.3.14.1
@@ -5238,6 +5239,7 @@
        TODO: check
 CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - rails-4.0 <unfixed>
+       - rails-3.2 <unfixed>
        - ruby-actionpack-3.2 <unfixed>
        - ruby-actionpack-2.3 <removed>
        - rails 2.3.14.1
@@ -6795,6 +6797,7 @@
        NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
 CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails 
before ...)
        - rails-4.0 4.0.2+dfsg-1 (bug #731290)
+       - rails-3.2 3.2.16-3+0
        - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
        - ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
        - rails 2.3.14.1
@@ -6808,12 +6811,14 @@
        NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the 
number_to_currency ...)
        - rails-4.0 4.0.2+dfsg-1 (bug #731290)
+       - rails-3.2 3.2.16-3+0
        - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
        - ruby-actionpack-2.3 <removed> (bug #731289)
        - rails 2.3.14.1
        NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in 
Ruby on ...)
        - rails-4.0 4.0.2+dfsg-1 (bug #731290)
+       - rails-3.2 3.2.16-3+0
        - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
        - ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
        - rails <not-affected> (vulnerable code not present)
@@ -11562,6 +11567,7 @@
        [squeeze] - libi18n-ruby <not-affected> (vulnerable code not present)
 CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in ...)
        - rails-4.0 4.0.2+dfsg-1 (bug #731290)
+       - rails-3.2 3.2.16-3+0
        - ruby-actionpack-3.2 3.2.16-1 (bug #731288)
        - ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
        - rails <not-affected> (Vulnerable code not present)
@@ -14923,6 +14929,7 @@
        - linux-2.6 <removed> (low)
        - linux 3.8.11-1 (low)
 CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 
3.1.x, and ...)
+       - rails-3.2 <unfixed> (unimportant)
        - ruby-activerecord-3.2 <unfixed> (unimportant)
        - ruby-activerecord-2.3 <unfixed> (unimportant)
        - rails 2.3.14.1 (unimportant)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r25831 - data/CVE

Reply via email to