[Secure-testing-commits] r30913 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 22 14:31:04 UTC 2014
Author: carnil
Date: 2014-12-22 14:31:04 +0000 (Mon, 22 Dec 2014)
New Revision: 30913
Modified:
data/CVE/list
Log:
Add three CVEs for unzip
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-22 14:15:05 UTC (rev 30912)
+++ data/CVE/list 2014-12-22 14:31:04 UTC (rev 30913)
@@ -3921,12 +3921,15 @@
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
NOTE: Only affects an inherently insecure use case
-CVE-2014-8141
+CVE-2014-8141 [heap overflow in getZip64Data]
RESERVED
-CVE-2014-8140
+ - unzip <unfixed>
+CVE-2014-8140 [heap overflow in test_compr_eb]
RESERVED
-CVE-2014-8139
+ - unzip <unfixed>
+CVE-2014-8139 [CRC32 heap overflow]
RESERVED
+ - unzip <unfixed>
CVE-2014-8138 [heap overflow in jp2_decode()]
RESERVED
{DSA-3106-1}
More information about the Secure-testing-commits
mailing list