summaryrefslogtreecommitdiffstats
path: root/data/CVE/2014.list
Commit message (Collapse)AuthorAgeFilesLines
* Merge updates acked and included in the Debian buster 10.8 point releaseSalvatore Bonaccorso2021-02-061-1/+1
| | | | | | | For the first time with the help of 'merge-cve-files' as implemented by Emilio Pozuelo Monfort. next-point-update.txt: Cleanup list from merged entries
* Replace some old code hosting references to new locationSalvatore Bonaccorso2020-12-161-3/+3
|
* CVE/list: fix whitespace inconsistenciesEmilio Pozuelo Monfort2020-12-021-2/+2
|
* Update mp3gain infoStefan Fritsch2020-11-071-1/+1
| | | | | mp3gain has been re-introduced into Debian. It no longer embeds mpg123.
* automatic updatesecurity tracker role2020-11-061-3/+3
|
* CVE/list: sort release entries after their package entryEmilio Pozuelo Monfort2020-11-051-10/+11
|
* Mark CVE-2014-10402/libdbi-perl as no-dsaSalvatore Bonaccorso2020-10-281-1/+1
|
* Track fixed version for CVE-2014-10402/libdbi-perlSalvatore Bonaccorso2020-10-281-1/+1
|
* Add Debian bug reference for CVE-2014-10402/libdbi-perlSalvatore Bonaccorso2020-10-131-1/+1
|
* Reference proposed fix for CVE-2014-10401/libdbi-perlSalvatore Bonaccorso2020-10-061-0/+1
|
* CVE-2014-10402/libdbi-perl: stretch postponedSylvain Beucler2020-09-281-0/+1
|
* postpone decision on CVE-2014-10402Salvatore Bonaccorso2020-09-171-0/+1
|
* Add CVE-2014-10402/libdbi-perlSalvatore Bonaccorso2020-09-161-1/+2
|
* automatic updatesecurity tracker role2020-09-161-0/+2
|
* NFUsMoritz Muehlenhoff2020-09-131-1/+1
|
* Add CVE-2014-10401/libdbi-perlSalvatore Bonaccorso2020-09-121-1/+3
|
* automatic updatesecurity tracker role2020-09-111-0/+2
|
* automatic updatesecurity tracker role2020-09-111-2/+2
|
* automatic updatesecurity tracker role2020-08-301-0/+1
|
* Restore severity asssignment and mark source as removedSalvatore Bonaccorso2020-08-301-1/+1
|
* Reserve DLA-2356-1 for freerdpMike Gabriel2020-08-301-1/+1
|
* Use HTTPS transport for www.openwall.com/lists/oss-security URLsSalvatore Bonaccorso2020-08-241-55/+55
|
* Reference bugs.php.net URLs with HTTPS transportSalvatore Bonaccorso2020-08-231-2/+2
|
* Replace git.php.net HTTP URLs with HTTPS URLsSalvatore Bonaccorso2020-08-231-12/+12
|
* Switch some http://git.ghostscript.com URLSSalvatore Bonaccorso2020-08-221-1/+1
|
* NFUsMoritz Muehlenhoff2020-07-311-1/+1
|
* Mark CVE-2014-3566/netsurf as fixed with 3.6-1Salvatore Bonaccorso2020-07-291-1/+1
| | | | | | | Upstream commit b2242c57e17f ("HTTPS: disable all SSL versions; emit fallback SCSV on downgrade.") in 3.3 disables SSLv3. Later on commit a8bf9b05aa94 ("HTTPS: restrict ciphersuites") in 3.8 restricts further the cipyersuites.
* automatic updatesecurity tracker role2020-07-221-2/+2
|
* CVE-2014-9365/python3.4: jessie triage precisionSylvain Beucler2020-06-231-1/+1
|
* Process NFUsSalvatore Bonaccorso2020-06-021-10/+10
|
* Process NFUsSalvatore Bonaccorso2020-06-021-3/+3
|
* automatic updatesecurity tracker role2020-06-011-27/+27
|
* new ntp issueMoritz Muehlenhoff2020-05-281-1/+1
| | | | | NFUs add and take ffmpeg
* automatic updatesecurity tracker role2020-05-081-2/+2
|
* Slightly reorganize notes for CVE-2014-2875Salvatore Bonaccorso2020-03-311-4/+3
| | | | | | Add the original CVE bug to the source package and expand explanation why the issue is not exploitable according to the analysis from Brian May.
* Demote CVE-2014-2875 to unimportantSalvatore Bonaccorso2020-03-311-1/+2
| | | | | | Reasoning: as per previous commit the issue is present, but due to the code beeing broken the issue is unexploitable. Mark the issue as unfixed but demote it to unimportant.
* lua-cgi - code is broken and cannot be exploitedBrian May2020-04-011-1/+3
| | | | | | | | | | | | | As per bug #954300, the session.close function is broken. This means it is not possible to save session data. This in turn means it there are no concerns if the session id is made public because there is no sensitive data associated with the session. So it doesn't matter if somebody attempts to guess the session id because it doesn't reveal anything useful. This bug is trivial to resolve, however the fact that nobody is complaining about this bug or trying to fix the bug would strongly suggest that nobody is using session management with lua-cgi.
* "new" ruby issue, "new" bitcoin issues, NFUsMoritz Muehlenhoff2020-03-241-3/+3
|
* vino fixedMoritz Muehlenhoff2020-03-211-1/+1
|
* Reference reported upstream issue for CVE-2014-2875Salvatore Bonaccorso2020-03-191-0/+1
|
* automatic updatesecurity tracker role2020-03-191-6/+6
|
* NFUsMoritz Muehlenhoff2020-03-091-4/+3
|
* automatic updatesecurity tracker role2020-03-091-2/+2
|
* CVE-2014-2875/lua-cgi: reference BTSSylvain Beucler2020-03-031-1/+1
|
* CVE-2014-10399,CVE-2014-10400/lua-cgi: not-affectedSylvain Beucler2020-03-031-2/+4
|
* NFUsMoritz Muehlenhoff2020-03-021-3/+3
|
* automatic updatesecurity tracker role2020-03-021-0/+1
|
* Remove todo item from CVE-2014-6262Salvatore Bonaccorso2020-02-291-1/+0
|
* Add CVE-2014-6262/rrdtoolSalvatore Bonaccorso2020-02-291-0/+4
|
* Process NFUsSalvatore Bonaccorso2020-02-281-8/+8
|

© 2014-2024 Faster IT GmbH | imprint | privacy policy