Author: jmm Date: 2015-03-26 08:51:40 +0000 (Thu, 26 Mar 2015) New Revision: 33157
Modified: data/CVE/list Log: jenkins/freeipa bugs Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-03-26 08:40:06 UTC (rev 33156) +++ data/CVE/list 2015-03-26 08:51:40 UTC (rev 33157) @@ -2169,9 +2169,8 @@ RESERVED CVE-2015-1827 [memory corruption when using get_user_grouplist()] RESERVED - - freeipa <unfixed> + - freeipa <unfixed> (bug #781224) NOTE: https://fedorahosted.org/freeipa/ticket/4908 - TODO: check if it affects as well 4.0.x, upstream commits have testcases CVE-2015-1826 RESERVED CVE-2015-1825 @@ -2203,39 +2202,39 @@ NOT-FOR-US: setroubleshoot CVE-2015-1814 [SECURITY-180, orced API token change] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 CVE-2015-1813 [SECURITY-177, Reflective XSS vulnerability] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 CVE-2015-1812 [SECURITY-171, Reflective XSS vulnerability] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 CVE-2015-1811 [External entity processing in XML can reveal sensitive local files (SECURITY-167)] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1810 [HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1809 [external entity injection via XPath (SECURITY-165)] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1808 [pdate center metadata retrieval DoS attack (SECURITY-163)] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1807 [directory traversal from artifacts via symlink (SECURITY-162)] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1806 [Combination filter Groovy script unsecured (SECURITY-125)] RESERVED - - jenkins <unfixed> + - jenkins <unfixed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1805 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits