Author: jmm
Date: 2014-07-19 10:10:43 +0000 (Sat, 19 Jul 2014)
New Revision: 27828
Modified: data/CVE/list data/dsa-needed.txt Log: ipython no-dsa mark rails 2.3 as eol take transmission Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-07-19 10:08:28 UTC (rev 27827) +++ data/CVE/list 2014-07-19 10:10:43 UTC (rev 27828) @@ -3457,20 +3457,20 @@ - musl <unfixed> (bug #750815) CVE-2014-3483 (SQL injection vulnerability in ...) - ruby-activerecord-2.3 <removed> + [wheezy] - ruby-activerecord-2.3 <end-of-life> - ruby-activerecord-3.2 <removed> - rails <unfixed> [wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package) - rails-3.2 3.2.19-1 - rails-4.0 <unfixed> - TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2 CVE-2014-3482 (SQL injection vulnerability in ...) - ruby-activerecord-2.3 <removed> + [wheezy] - ruby-activerecord-2.3 <end-of-life> - ruby-activerecord-3.2 <removed> - rails <unfixed> [wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package) - rails-3.2 3.2.19-1 - rails-4.0 <unfixed> - TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2 CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...) @@ -3725,7 +3725,8 @@ NOT-FOR-US: Symantec PGP Desktop CVE-2014-3429 [Cross domain websocket hijacking] RESERVED - - ipython 1.2.0~rc1-1 + - ipython 1.2.0~rc1-1 (low) + [wheezy] - ipython <no-dsa> (Minor issue) [squeeze] - ipython <not-affected> (Vulnerable code not present) NOTE: https://github.com/ipython/ipython/pull/4845 CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...) 
@@ -13070,6 +13071,7 @@ - rails-3.2 3.2.17-1 - ruby-actionpack-3.2 <removed> - ruby-actionpack-2.3 <removed> + [wheezy] - ruby-actionpack-2.3 <end-of-life> - rails 2.3.14.1 [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts) NOTE: Starting with 2.3.14.1 rails is a transition package @@ -13079,6 +13081,7 @@ - rails-3.2 3.2.17-1 - ruby-actionpack-3.2 <removed> - ruby-actionpack-2.3 <removed> + [wheezy] - ruby-actionpack-2.3 <end-of-life> - rails 2.3.14.1 [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts) NOTE: Starting with 2.3.14.1 rails is a transition package @@ -14744,6 +14747,7 @@ - rails-3.2 3.2.16-3+0 - ruby-actionpack-3.2 3.2.16-1 (bug #731288) - ruby-actionpack-2.3 <removed> (bug #731289) + [wheezy] - ruby-actionpack-2.3 <end-of-life> - rails <not-affected> (vulnerable code not present) NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...) Modified: data/dsa-needed.txt =================================================================== --- data/dsa-needed.txt 2014-07-19 10:08:28 UTC (rev 27827) +++ data/dsa-needed.txt 2014-07-19 10:10:43 UTC (rev 27828) @@ -52,10 +52,7 @@ -- qemu-kvm (jmm) -- -ruby-actionpack-2.3 (jmm) - will be EOLed +transmission (jmm) -- -transmission --- xen -- _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
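Review bot: In the data/CVE/list hunk at @@ -3457,20 +3457,20 @@, the line "TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2" is dropped from both CVE-2014-3483 and CVE-2014-3482, yet the log message only mentions marking rails 2.3 as eol, and "rails <unfixed>" and "rails-4.0 <unfixed>" are still open in both entries. If the check was done, record the outcome in the log or in a NOTE line; if not, keep the TODO so these SQL injection entries stay flagged for follow-up.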
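Review bot: In the CVE-2014-3429 hunk (@@ -3725,7 +3725,8 @@), the new "[wheezy] - ipython <no-dsa> (Minor issue)" line does not say why cross domain websocket hijacking is minor for the wheezy package, while the squeeze line directly below states a checkable reason (Vulnerable code not present). A short concrete justification in the parenthetical would let the decision be re-checked once the entry leaves RESERVED and gets a full description.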
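Review bot: In the hunks at @@ -13070,6 +13071,7 @@, @@ -13079,6 +13081,7 @@ and @@ -14744,6 +14747,7 @@, the added "[wheezy] - ruby-actionpack-2.3 <end-of-life>" line carries no reason, whereas the neighbouring "[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)" does. Adding a parenthetical in the same style would keep the entries consistent and tell a reader of a single CVE entry why the wheezy package gets no fix.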
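Review bot: In the data/dsa-needed.txt hunk (@@ -52,10 +52,7 @@), ruby-actionpack-2.3 is removed on the strength of the EOL marking, but the data/CVE/list hunks in this commit tag only the entries they touch. Before the package disappears from dsa-needed.txt, confirm that every remaining open ruby-actionpack-2.3 and ruby-activerecord-2.3 entry for wheezy carries the <end-of-life> tag, since nothing in this file will point at them afterwards.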