[Secure-testing-commits] r29392 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Oct 14 11:54:49 UTC 2014
Author: hertzog
Date: 2014-10-14 11:54:49 +0000 (Tue, 14 Oct 2014)
New Revision: 29392
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Investigate and triage CVE-2014-3686/wpa
Hint for security team: I believe wpa should be added to dsa-needed.txt.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-14 11:54:41 UTC (rev 29391)
+++ data/CVE/list 2014-10-14 11:54:49 UTC (rev 29392)
@@ -9929,9 +9929,10 @@
RESERVED
CVE-2014-3686 [action script execution vulnerability]
RESERVED
- - wpasupplicant <unfixed>
- - hostapd <unfixed>
- TODO: check and report
+ - wpasupplicant <removed>
+ - hostapd <removed>
+ [squeeze] - hostapd <not-affected> (Vulnerable code not present in 0.6.10)
+ - wpa <unfixed> (bug #765352; high)
CVE-2014-3685
RESERVED
CVE-2014-3684 [non-root users able to kill any process on any node in a job]
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-10-14 11:54:41 UTC (rev 29391)
+++ data/dla-needed.txt 2014-10-14 11:54:49 UTC (rev 29392)
@@ -72,6 +72,8 @@
--
xlhtml
--
+wpasupplicant
+--
zendframework
--
More information about the Secure-testing-commits
mailing list