diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-31 23:11:50 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-31 23:11:50 +0200 |
commit | fe8711adfd2a6ffe94b4ef91d675a77dac2d2364 (patch) | |
tree | 751a37538ff2454aa2b72fae84356f2d8abac2b0 /data/CVE/2014.list | |
parent | 1e8b4ae1919082370c6192074a9cb01487dafcfe (diff) |
Slightly reorganize notes for CVE-2014-2875
Add the original CVE bug to the source package and expand explanation
why the issue is not exploitable according to the analysis from Brian
May.
Diffstat (limited to 'data/CVE/2014.list')
-rw-r--r-- | data/CVE/2014.list | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index cf502428b9..30355fa033 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -19574,11 +19574,10 @@ CVE-2014-2877 CVE-2014-2876 RESERVED CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...) - - lua-cgi <unfixed> (unimportant) + - lua-cgi <unfixed> (unimportant; bug #953037) NOTE: https://github.com/keplerproject/cgilua/issues/17 - NOTE: https://bugs.debian.org/953037 - NOTE: https://bugs.debian.org/954300 - NOTE: The code itself is broken and thus cannot be exploited per se if not fixed. + NOTE: The code itself is broken and thus cannot be exploited per se if not fixed, + NOTE: see details in https://bugs.debian.org/954300 CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts] - virtualenvwrapper 4.3-1 (low; bug #745580) [wheezy] - virtualenvwrapper <no-dsa> (Minor issue) |