[Secure-testing-commits] r39258 - data/CVE

Thu, 28 Jan 2016 05:35:10 -0800 

Author: carnil
Date: 2016-01-28 13:34:02 +0000 (Thu, 28 Jan 2016)
New Revision: 39258

Modified:
   data/CVE/list
Log:
Some rails issues fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-01-28 13:30:47 UTC (rev 39257)
+++ data/CVE/list       2016-01-28 13:34:02 UTC (rev 39258)
@@ -3888,7 +3888,7 @@
        NOTE: http://curl.haxx.se/docs/adv_20160127B.html
 CVE-2016-0753 [Possible Input Validation Circumvention in Active Model]
        RESERVED
-       - rails <unfixed>
+       - rails 2:4.2.5.1-1
        [wheezy] - rails <not-affected> (Vulnerable code not present, is only a 
transitional package)
        [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
        - ruby-activerecord-3.2 <removed>
@@ -3899,7 +3899,7 @@
        TODO: check
 CVE-2016-0752 [Possible Information Leak Vulnerability in Action View]
        RESERVED
-       - rails <unfixed>
+       - rails 2:4.2.5.1-1
        [wheezy] - rails <not-affected> (Vulnerable code not present, is only a 
transitional package)
        [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
        - ruby-actionpack-3.2 <removed>
@@ -3907,7 +3907,7 @@
        TODO: check
 CVE-2016-0751 [Possible Object Leak and Denial of Service attack in Action 
Pack]
        RESERVED
-       - rails <unfixed>
+       - rails 2:4.2.5.1-1
        [wheezy] - rails <not-affected> (Vulnerable code not present, is only a 
transitional package)
        [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
        - ruby-actionpack-3.2 <removed>
@@ -8677,7 +8677,7 @@
        RESERVED
 CVE-2015-7581 [Object leak vulnerability for wildcard controller routes in 
Action Pack]
        RESERVED
-       - rails <unfixed>
+       - rails 2:4.2.5.1-1
        [wheezy] - rails <not-affected> (Vulnerable code not present, is only a 
transitional package)
        [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
        - ruby-actionpack-3.2 <removed>
@@ -8694,7 +8694,7 @@
        - ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
 CVE-2015-7577 [Nested attributes rejection proc bypass in Active Record]
        RESERVED
-       - rails <unfixed>
+       - rails 2:4.2.5.1-1
        [wheezy] - rails <not-affected> (Vulnerable code not present, is only a 
transitional package)
        [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
        - ruby-activerecord-3.2 <removed>
@@ -8702,7 +8702,7 @@
        TODO: check
 CVE-2015-7576 [Timing attack vulnerability in basic authentication in Action 
Controller]
        RESERVED
-       - rails <unfixed>
+       - rails 2:4.2.5.1-1
        [wheezy] - rails <not-affected> (Vulnerable code not present, is only a 
transitional package)
        [squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
        - ruby-actionpack-3.2 <removed>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to