[Secure-testing-commits] r33748 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Apr 22 07:47:13 UTC 2015


Author: carnil
Date: 2015-04-22 07:47:13 +0000 (Wed, 22 Apr 2015)
New Revision: 33748

Modified:
   data/CVE/list
Log:
Add new curl issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-22 06:36:25 UTC (rev 33747)
+++ data/CVE/list	2015-04-22 07:47:13 UTC (rev 33748)
@@ -424,19 +424,31 @@
 CVE-2015-3149 [insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)]
 	RESERVED
 	- openjdk-8 <not-affected> (defective patch not applied)
-CVE-2015-3148
+CVE-2015-3148 [Negotiate not treated as connection-oriented]
 	RESERVED
+	- curl <unfixed>
+	NOTE: http://curl.haxx.se/docs/adv_20150422B.html
 CVE-2015-3147
 	RESERVED
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-3146
 	RESERVED
-CVE-2015-3145
+CVE-2015-3145 [cookie parser out of boundary memory access]
 	RESERVED
-CVE-2015-3144
+	- curl <unfixed>
+	[wheezy] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
+	[squeeze] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
+	NOTE: http://curl.haxx.se/docs/adv_20150422C.html
+CVE-2015-3144 [host name out of boundary memory access]
 	RESERVED
-CVE-2015-3143
+	- curl <unfixed>
+	[wheezy] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
+	[squeeze] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
+	NOTE: http://curl.haxx.se/docs/adv_20150422D.html
+CVE-2015-3143 [Re-using authenticated connection when unauthenticated]
 	RESERVED
+	- curl <unfixed>
+	NOTE: http://curl.haxx.se/docs/adv_20150422A.html
 CVE-2015-3142
 	RESERVED
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
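Review bot: CVE-2015-3148 and CVE-2015-3143 are added with only `- curl <unfixed>` and no `[wheezy]` or `[squeeze]` lines, while CVE-2015-3145 and CVE-2015-3144 in the same hunk record both the per-release status and the affected version range. If the older releases have been checked for the two connection-handling issues, add their status here. If they have not, add a NOTE line saying the wheezy and squeeze status is still open, so the omission does not read as "affected everywhere" by default. Minor wording point on the four not-affected lines: "Affects 7.31.0 to and including 7.41.0" would read better as "up to and including".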



