[Secure-testing-commits] r29719 - data/CVE

[Raphael Geissert]

Author: atomo64-guest
Date: 2014-10-29 13:53:39 +0000 (Wed, 29 Oct 2014)
New Revision: 29719

Modified:
   data/CVE/list
Log:
new glpi issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-29 13:40:52 UTC (rev 29718)
+++ data/CVE/list	2014-10-29 13:53:39 UTC (rev 29719)
@@ -305,8 +305,14 @@
 	RESERVED
 CVE-2014-8361
 	RESERVED
-CVE-2014-8360
+CVE-2014-8360 [glpi: class autoloading issue]
 	RESERVED
+	- glpi <unfixed>
+	TODO: check
+	NOTE: original bug: https://forge.indepnet.net/issues/5101
+	NOTE: followup: https://forge.indepnet.net/issues/5113
+	NOTE: appears to be a generic autoloading abuse; possibly with
+	NOTE: some use of simplepie being the attack vector
 CVE-2014-8359
 	RESERVED
 CVE-2014-8358