[Secure-testing-commits] r30005 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 13 06:31:35 UTC 2014
Author: carnil
Date: 2014-11-13 06:29:35 +0000 (Thu, 13 Nov 2014)
New Revision: 30005
Modified:
data/CVE/list
Log:
CVE-2014-8628/polarssl: memory leaks affect also older releases
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-12 20:22:08 UTC (rev 30004)
+++ data/CVE/list 2014-11-13 06:29:35 UTC (rev 30005)
@@ -27,7 +27,7 @@
NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
CVE-2014-8628 [remotely-triggerable memory leaks]
- polarssl 1.3.9-1
- TODO: check older releases
+ NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
CVE-2014-8627 [server negotiate a weaker signature algorithm than available]
- polarssl 1.3.9-1
[wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
More information about the Secure-testing-commits
mailing list