Author: carnil
Date: 2015-01-21 19:44:03 +0000 (Wed, 21 Jan 2015)
New Revision: 31587
Modified:
data/CVE/list
Log:
Add two rabbitmq-server issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-21 19:02:43 UTC (rev 31586)
+++ data/CVE/list 2015-01-21 19:44:03 UTC (rev 31587)
@@ -11,6 +11,15 @@
NOTE: https://trac.xiph.org/ticket/2009
NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/01/21/6
+CVE-2014-XXXX [Bug 26437 - prevent /api/* from returning text/html error
messages which could act as an XSS vector]
+ - rabbitmq-server 3.4.1-1
+ NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/01/21/13
+CVE-2014-XXXX [Bug 26433 - fix response-splitting vulnerability in
/api/downloads]
+ - rabbitmq-server 3.4.1-1
+ NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
+ NOTE: Fixed by:
https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
+ NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2015-XXXX [(another) directory traversal via symlinks -- incomplete fix
for CVE-2015-1196]
- patch <unfixed> (bug #775901)
[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no
incomplete fix applied)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
