diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-31 22:41:38 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-31 22:41:38 +0200 |
commit | acd06c42dd9db0a8acfbb2c84745e5645905872f (patch) | |
tree | 9cd2230b2a7ef516fecdb583048a02e8c2d846fe | |
parent | 10c8c53f890a29bcb892bc2cdbd3d25f0c69e754 (diff) |
Demote CVE-2014-2875 to unimportant
Reasoning: as per previous commit the issue is present, but due to the
code beeing broken the issue is unexploitable. Mark the issue as unfixed
but demote it to unimportant.
-rw-r--r-- | data/CVE/2014.list | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 957d49fd15..cf502428b9 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -19574,10 +19574,11 @@ CVE-2014-2877 CVE-2014-2876 RESERVED CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...) - - lua-cgi <not-affected> (code is broken and cannot be exploited) + - lua-cgi <unfixed> (unimportant) NOTE: https://github.com/keplerproject/cgilua/issues/17 NOTE: https://bugs.debian.org/953037 NOTE: https://bugs.debian.org/954300 + NOTE: The code itself is broken and thus cannot be exploited per se if not fixed. CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts] - virtualenvwrapper 4.3-1 (low; bug #745580) [wheezy] - virtualenvwrapper <no-dsa> (Minor issue) |