[Secure-testing-commits] r29126 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Sep 28 09:44:59 UTC 2014


Author: carnil
Date: 2014-09-28 09:44:59 +0000 (Sun, 28 Sep 2014)
New Revision: 29126

Modified:
   data/CVE/list
Log:
Add CVE-2014-6277

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-28 09:34:17 UTC (rev 29125)
+++ data/CVE/list	2014-09-28 09:44:59 UTC (rev 29126)
@@ -1979,8 +1979,13 @@
 	RESERVED
 CVE-2014-6278
 	RESERVED
-CVE-2014-6277
+CVE-2014-6277 [Incomplete fix for CVE-2014-7169]
 	RESERVED
+	- bash <not-affected> (we apply variables-affix.patch which mitigates prevents both CVE-2014-7169 and CVE-2014-6277)
+	NOTE: altough unfixed as we also add upstream patch for CVE-2014-7169,
+	NOTE: this is does not affect Debian as we apply the variables-affix.patch
+	NOTE: (hardening patch). The hardening patch prevents both exploitation of
+	NOTE: CVE-2014-7169 and CVE-2014-6277 related issues.
 CVE-2014-6276
 	RESERVED
 CVE-2014-6275




More information about the Secure-testing-commits mailing list