[Secure-testing-commits] r33504 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Apr 10 21:01:44 UTC 2015
Author: hertzog
Date: 2015-04-10 21:01:44 +0000 (Fri, 10 Apr 2015)
New Revision: 33504
Modified:
data/CVE/list
Log:
Mark nbd issue as not-affecting Squeeze
Squeeze has 2.9.16 which does not support named exports. There's no data
exchange on the socket between accept and the fork that could result in
the problematic SIGPIPE.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-10 20:52:45 UTC (rev 33503)
+++ data/CVE/list 2015-04-10 21:01:44 UTC (rev 33504)
@@ -689,6 +689,7 @@
NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
CVE-2013-XXXX [nbd-server: server dies if client asks for a non-existing export]
- nbd 1:3.4-1 (bug #781547)
+ [squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
TODO: check details
CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ...)
{DSA-3198-1}
More information about the Secure-testing-commits
mailing list