diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-31 22:41:38 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-31 22:41:38 +0200 |
commit | acd06c42dd9db0a8acfbb2c84745e5645905872f (patch) | |
tree | 9cd2230b2a7ef516fecdb583048a02e8c2d846fe /data/CVE/2014.list | |
parent | 10c8c53f890a29bcb892bc2cdbd3d25f0c69e754 (diff) |
Demote CVE-2014-2875 to unimportant
Reasoning: as per previous commit the issue is present, but due to the
code beeing broken the issue is unexploitable. Mark the issue as unfixed
but demote it to unimportant.
Diffstat (limited to 'data/CVE/2014.list')
-rw-r--r-- | data/CVE/2014.list | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 957d49fd15..cf502428b9 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -19574,10 +19574,11 @@ CVE-2014-2877 CVE-2014-2876 RESERVED CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...) - - lua-cgi <not-affected> (code is broken and cannot be exploited) + - lua-cgi <unfixed> (unimportant) NOTE: https://github.com/keplerproject/cgilua/issues/17 NOTE: https://bugs.debian.org/953037 NOTE: https://bugs.debian.org/954300 + NOTE: The code itself is broken and thus cannot be exploited per se if not fixed. CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts] - virtualenvwrapper 4.3-1 (low; bug #745580) [wheezy] - virtualenvwrapper <no-dsa> (Minor issue) |