Author: jmm
Date: 2015-03-26 08:51:40 +0000 (Thu, 26 Mar 2015)
New Revision: 33157
Modified:
data/CVE/list
Log:
jenkins/freeipa bugs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-26 08:40:06 UTC (rev 33156)
+++ data/CVE/list 2015-03-26 08:51:40 UTC (rev 33157)
@@ -2169,9 +2169,8 @@
RESERVED
CVE-2015-1827 [memory corruption when using get_user_grouplist()]
RESERVED
- - freeipa <unfixed>
+ - freeipa <unfixed> (bug #781224)
NOTE: https://fedorahosted.org/freeipa/ticket/4908
- TODO: check if it affects as well 4.0.x, upstream commits have testcases
CVE-2015-1826
RESERVED
CVE-2015-1825
@@ -2203,39 +2202,39 @@
NOT-FOR-US: setroubleshoot
CVE-2015-1814 [SECURITY-180, orced API token change]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1813 [SECURITY-177, Reflective XSS vulnerability]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1812 [SECURITY-171, Reflective XSS vulnerability]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1811 [External entity processing in XML can reveal sensitive local
files (SECURITY-167)]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1810 [HudsonPrivateSecurityRealm allows creation of reserved names
(SECURITY-166)]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1809 [external entity injection via XPath (SECURITY-165)]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1808 [pdate center metadata retrieval DoS attack (SECURITY-163)]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1807 [directory traversal from artifacts via symlink (SECURITY-162)]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1806 [Combination filter Groovy script unsecured (SECURITY-125)]
RESERVED
- - jenkins <unfixed>
+ - jenkins <unfixed> (bug #781223)
NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1805
RESERVED
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
