[Secure-testing-commits] r29565 - data/CVE
Paul Wise
pabs at moszumanska.debian.org
Wed Oct 22 08:32:34 UTC 2014
Author: pabs
Date: 2014-10-22 08:32:03 +0000 (Wed, 22 Oct 2014)
New Revision: 29565
Modified:
data/CVE/list
Log:
CVE-2014-4860 and CVE-2014-4859 are issues in the reference UEFI firmware, which is in Debian
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-22 08:22:57 UTC (rev 29564)
+++ data/CVE/list 2014-10-22 08:32:03 UTC (rev 29565)
@@ -7831,12 +7831,16 @@
NOT-FOR-US: Netmaster CBW700N cable modem
CVE-2014-4861
RESERVED
-CVE-2014-4860
+CVE-2014-4860 (integer overflows leading to code execution)
RESERVED
- NOT-FOR-US: HP PCs with UEFI Firmware
-CVE-2014-4859
+ - edk2 <unfixed>
+ NOTE: check
+ NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
+CVE-2014-4859 (integer overflows leading to code execution)
RESERVED
- NOT-FOR-US: HP PCs with UEFI Firmware
+ - edk2 <unfixed>
+ NOTE: check
+ NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre ...)
NOT-FOR-US: Sabre AirCenter Crew
CVE-2014-4857 (Cross-site scripting (XSS) vulnerability in Gurock TestRail before ...)
More information about the Secure-testing-commits
mailing list