[Secure-testing-commits] r30044 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 13 19:42:55 UTC 2014
Author: carnil
Date: 2014-11-13 19:42:55 +0000 (Thu, 13 Nov 2014)
New Revision: 30044
Modified:
data/CVE/list
Log:
Add upstrem issue reference for encfs bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-13 19:36:41 UTC (rev 30043)
+++ data/CVE/list 2014-11-13 19:42:55 UTC (rev 30044)
@@ -12502,11 +12502,12 @@
[wheezy] - obnam <no-dsa> (Minor issue)
CVE-2014-3462 [Editing Configuration File Disables MACs]
RESERVED
- - encfs 1.7.4-4 (bug #736066)
+ - encfs <unfixed> (low; bug #736066)
[squeeze] - encfs <no-dsa> (Minor issue)
[wheezy] - encfs <no-dsa> (Minor issue)
- NOTE: Shortcoming documented in 1.7.4-4
+ NOTE: Shortcoming documented in 1.7.4-4; issue itself not fixed yet in encfs
NOTE: https://defuse.ca/audits/encfs.htm
+ NOTE: Upstream issue: https://github.com/vgough/encfs/issues/14
CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
NOT-FOR-US: Drupal module
CVE-2014-3444 (The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer ...)
More information about the Secure-testing-commits
mailing list