CVE-2014-10399,CVE-2014-10400/lua-cgi: not-affected

author: Sylvain Beucler <beuc@beuc.net> 2020-03-03 15:44:54 +0100
committer: Sylvain Beucler <beuc@beuc.net> 2020-03-03 15:44:54 +0100
commit: 3d29801fde314265e8032fe12deaf6935cd04d49 (patch)
tree: b9293194f5659440da93d3ca7fcc5968aa512c74 /data/CVE/2014.list
parent: a58061cfcd55b85f8b1639c14a4d07d74eddbf54 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index c9aa3e76ab..01778676fd 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,7 +1,9 @@
 CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
-	- lua-cgi <unfixed>
+	- lua-cgi <not-affected> (session generation changed in 5.1.x, cf. CVE-2014-10399)
+	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
 CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...)
-	- lua-cgi <unfixed>
+	- lua-cgi <not-affected> (session generation changed in 5.2.x, cf. CVE-2014-2875)
+	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
 CVE-2014-10398 (Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank ...)
 	NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
 CVE-2014-10397 (The Antioch theme through 2014-09-07 for WordPress allows arbitrary fi ...)
author	Sylvain Beucler <beuc@beuc.net>	2020-03-03 15:44:54 +0100
committer	Sylvain Beucler <beuc@beuc.net>	2020-03-03 15:44:54 +0100
commit	3d29801fde314265e8032fe12deaf6935cd04d49 (patch)
tree	b9293194f5659440da93d3ca7fcc5968aa512c74 /data/CVE/2014.list
parent	a58061cfcd55b85f8b1639c14a4d07d74eddbf54 (diff)