[Secure-testing-commits] r24895 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 26 10:04:41 UTC 2013
Author: carnil
Date: 2013-12-26 10:04:41 +0000 (Thu, 26 Dec 2013)
New Revision: 24895
Modified:
data/CVE/list
Log:
Add CVE-2013-6441, but this CVE is somehow disputed, see NOTE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-26 09:53:55 UTC (rev 24894)
+++ data/CVE/list 2013-12-26 10:04:41 UTC (rev 24895)
@@ -3012,6 +3012,10 @@
RESERVED
CVE-2013-6441
RESERVED
+ - lxc <unfixed>
+ NOTE: "disputed" CVE assignement, as having root to the container allows
+ NOTE: getting root on host, if not using unprivileged containers or
+ NOTE: restricting the containers with apparmor or selinux.
CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter]
RESERVED
- opensaml2 <not-affected> (Debian provides the C-based Shibboleth implementation)
More information about the Secure-testing-commits
mailing list