[Secure-testing-commits] r29870 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 6 11:58:21 UTC 2014
Author: carnil
Date: 2014-11-06 11:58:21 +0000 (Thu, 06 Nov 2014)
New Revision: 29870
Modified:
data/CVE/list
Log:
Add two CVEs for polarssl
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-06 11:49:38 UTC (rev 29869)
+++ data/CVE/list 2014-11-06 11:58:21 UTC (rev 29870)
@@ -2,6 +2,13 @@
- python-requests-kerberos <unfixed>
NOTE: https://github.com/requests/requests-kerberos/pull/36
NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
+CVE-2014-8628 [remotely-triggerable memory leaks]
+ - polarssl 1.3.9-1
+ TODO: check older releases
+CVE-2014-8627 [server negotiate a weaker signature algorithm than available]
+ - polarssl 1.3.9-1
+ [wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
+ [squeeze] - polarssl <not-affected> (Problem introduced in 1.3.8)
CVE-2014-8626 [xmlrpc date_from_ISO8601() buffer overflow]
- php5 5.2.9.dfsg.1-1
NOTE: https://bugs.php.net/bug.php?id=45226
More information about the Secure-testing-commits
mailing list