[Secure-testing-commits] r33357 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Apr 3 12:33:38 UTC 2015
Author: carnil
Date: 2015-04-03 12:33:38 +0000 (Fri, 03 Apr 2015)
New Revision: 33357
Modified:
data/CVE/list
Log:
Update status for CVE-2014-8119/netcf
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-03 12:02:04 UTC (rev 33356)
+++ data/CVE/list 2015-04-03 12:33:38 UTC (rev 33357)
@@ -12175,10 +12175,14 @@
CVE-2014-8119 [augeas path expression injection via interface name]
RESERVED
- netcf <unfixed>
+ [jessie] - netcf <no-dsa> (too intrusive to backport)
+ [wheezy] - netcf <no-dsa> (too intrusive to backport)
NOTE: Issue is in the way the netcf's find_ifcfg_path() function processed
- NOTE: certain XPath expressions according to Red Hat bugzilla. But augeas has
- NOTE: as well recieved a fix to completely fix the issue.
- TODO: check
+ NOTE: certain XPath expressions according to Red Hat bugzilla.
+ NOTE: The fix consists in augeas getting a new API aug_escape_name which
+ NOTE: netcf needs to use.
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1172176#c3
+ NOTE: https://www.redhat.com/archives/augeas-devel/2014-December/msg00000.html
CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to ...)
{DSA-3129-1 DLA-140-1}
- rpm 4.11.3-1.1 (bug #773101)
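Review bot: the new NOTE lines under CVE-2014-8119 say the fix depends on augeas gaining aug_escape_name, which netcf then has to use, but the entry still tracks only netcf, so nothing records which augeas version provides that API or whether the augeas in jessie and wheezy has it. Consider adding a NOTE naming the augeas version that introduces aug_escape_name once that is confirmed, and tying the no-dsa reason to it (for example "too intrusive to backport, needs new augeas API"), so the triage decision can be revisited against a concrete dependency. The unchanged "- netcf <unfixed>" line is correct to keep for unstable, and removing "TODO: check" is fine now that the two reference URLs are in place.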