[Secure-testing-commits] r29279 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Oct 5 12:36:46 UTC 2014


Author: carnil
Date: 2014-10-05 12:36:46 +0000 (Sun, 05 Oct 2014)
New Revision: 29279

Modified:
   data/CVE/list
Log:
CVE assigned for gnome-shell issue, added NOTE to explain where vulnerability is

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-05 12:20:21 UTC (rev 29278)
+++ data/CVE/list	2014-10-05 12:36:46 UTC (rev 29279)
@@ -1114,8 +1114,6 @@
 	RESERVED
 CVE-2014-7301
 	RESERVED
-CVE-2014-7300
-	RESERVED
 CVE-2014-7299
 	RESERVED
 CVE-2014-7298
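
Review bot: the removed `CVE-2014-7300` / `RESERVED` pair sat in descending ID order between CVE-2014-7301 and CVE-2014-7299, but the populated entry is recreated further down among the `CVE-2014-XXXX` temporary entries instead of here. If the file is meant to stay ordered by ID, as the context lines in this hunk suggest, move the full gnome-shell entry into this slot rather than deleting the placeholder, so a reader scanning the 73xx range still finds it.
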
@@ -1355,10 +1353,15 @@
 CVE-2014-XXXX [various sddm issues]
 	- sddm <itp> (bug #703519)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
-CVE-2014-XXXX [gnome-shell lockscreen bypass with printscreen key]
+CVE-2014-7300 [gnome-shell lockscreen bypass with printscreen key]
 	- gnome-shell <unfixed>
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456
-	TODO: check
+	NOTE: PrtSc is an unauthenticated request that's available to untrusted
+	NOTE: parties. A series of requests can consume a large amount of memory.
+	NOTE: The combination of this PrtSc behavior and the existence of the
+	NOTE: oom-killer allows authentication bypass for command execution.
+	NOTE: Therefore, the product must limit the aggregate memory consumption of
+	NOTE: all active requests, and the lack of this limit is a vulnerability.
 CVE-2010-XXXX [execute code from imported modules / documentation missmatch ]
 	- pylint <unfixed> (bug #591676)
 CVE-2014-7231
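
Review bot: the `- gnome-shell <unfixed>` line carries no Debian bug reference, unlike the neighbouring sddm and pylint entries, and with `TODO: check` dropped nothing marks the entry as still needing follow-up; add the `(bug #...)` reference once one exists, or keep a TODO until it does. The six-line NOTE block reads like the CVE assignment rationale but gives no source for it, so a further NOTE line with the URL of the assignment message would let readers verify the wording.
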



