[Secure-testing-commits] r30911 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 22 13:27:41 UTC 2014
Author: carnil
Date: 2014-12-22 13:27:41 +0000 (Mon, 22 Dec 2014)
New Revision: 30911
Modified:
data/CVE/list
Log:
Adjust version for cpio, since -4 did not contain -2.1 NMU changelog
The upload to unstable -4 was based on -3 in experimental, adding two
additional commits. So just mark -4 as fixing the CVE as -2.1 will not
reach testing/jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-22 11:16:03 UTC (rev 30910)
+++ data/CVE/list 2014-12-22 13:27:41 UTC (rev 30911)
@@ -1045,7 +1045,7 @@
NOTE: https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc
CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...)
{DLA-111-1}
- - cpio 2.11+dfsg-2.1 (bug #772793)
+ - cpio 2.11+dfsg-4 (bug #772793)
NOTE: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
NOTE: https://savannah.gnu.org/bugs/?43709
NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 (fix buffer overflow)
More information about the Secure-testing-commits
mailing list