[Secure-testing-commits] r30755 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Mon Dec 15 10:20:47 UTC 2014
Author: hertzog
Date: 2014-12-15 10:19:41 +0000 (Mon, 15 Dec 2014)
New Revision: 30755
Modified:
data/CVE/list
Log:
Add one more commit to CVE-2014-9112/cpio
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-15 10:04:53 UTC (rev 30754)
+++ data/CVE/list 2014-12-15 10:19:41 UTC (rev 30755)
@@ -926,10 +926,11 @@
- cpio <unfixed> (bug #772793)
NOTE: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
NOTE: https://savannah.gnu.org/bugs/?43709
- NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6
- NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a
- NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b
- NOTE: Still issues present: http://www.mail-archive.com/bug-cpio@gnu.org/msg00507.html
+ NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 (fix buffer overflow)
+ NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a (fix range checking of length of link name)
+ NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b (fixup of former commit)
+ NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d11 (fix null deref)
+ NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=f6a8a2cb (fix test suite in former commit)
CVE-2014-9089 (Multiple SQL injection vulnerabilities in view_all_bug_page.php in ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
More information about the Secure-testing-commits
mailing list