CVE-2014-10399,CVE-2014-10400/lua-cgi: not-affected

author: Sylvain Beucler <beuc@beuc.net> 2020-03-03 15:44:54 +0100
committer: Sylvain Beucler <beuc@beuc.net> 2020-03-03 15:44:54 +0100
commit: 9b6978634dd072e5c68437f9d2c7ed6ce399d5d9 (patch)
tree: d9d4e433916326542ca3b4d3cd2cf9d68b724f8b /data/CVE/list.2014
parent: 545f431a51ca442102bab3965a9782b32a161402 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index c9aa3e76ab..01778676fd 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -1,7 +1,9 @@
 CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
-	- lua-cgi <unfixed>
+	- lua-cgi <not-affected> (session generation changed in 5.1.x, cf. CVE-2014-10399)
+	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
 CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...)
-	- lua-cgi <unfixed>
+	- lua-cgi <not-affected> (session generation changed in 5.2.x, cf. CVE-2014-2875)
+	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
 CVE-2014-10398 (Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank ...)
 	NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
 CVE-2014-10397 (The Antioch theme through 2014-09-07 for WordPress allows arbitrary fi ...)
author	Sylvain Beucler <beuc@beuc.net>	2020-03-03 15:44:54 +0100
committer	Sylvain Beucler <beuc@beuc.net>	2020-03-03 15:44:54 +0100
commit	9b6978634dd072e5c68437f9d2c7ed6ce399d5d9 (patch)
tree	d9d4e433916326542ca3b4d3cd2cf9d68b724f8b /data/CVE/list.2014
parent	545f431a51ca442102bab3965a9782b32a161402 (diff)