[Secure-testing-commits] r25086 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jan 8 05:14:58 UTC 2014
Author: carnil
Date: 2014-01-08 05:14:58 +0000 (Wed, 08 Jan 2014)
New Revision: 25086
Modified:
data/CVE/list
Log:
Add back information for CVE-2013-6441
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-07 22:30:57 UTC (rev 25085)
+++ data/CVE/list 2014-01-08 05:14:58 UTC (rev 25086)
@@ -4047,11 +4047,14 @@
RESERVED
CVE-2013-6442
RESERVED
-CVE-2013-6441
+CVE-2013-6441 [lxc: sshd template allow privilege escalation on host]
RESERVED
- NOTE: "disputed" CVE assignment for lxc, as having root to the container allows
+ - lxc <unfixed> (unimportant)
+ [wheezy] - lxc <no-dsa> (Minor issue; see NOTE)
+ [squeeze] - lxc <no-dsa> (Minor issue; see NOTE)
NOTE: getting root on host, if not using unprivileged containers or
NOTE: restricting the containers with apparmor or selinux.
+ NOTE: CVE is kept as no official documentation explicitly document this fact
CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter]
RESERVED
- opensaml2 <not-affected> (Debian provides the C-based Shibboleth implementation)
More information about the Secure-testing-commits
mailing list