[Secure-testing-commits] r33748 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Apr 22 07:47:13 UTC 2015
Author: carnil
Date: 2015-04-22 07:47:13 +0000 (Wed, 22 Apr 2015)
New Revision: 33748
Modified:
data/CVE/list
Log:
Add new curl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-22 06:36:25 UTC (rev 33747)
+++ data/CVE/list 2015-04-22 07:47:13 UTC (rev 33748)
@@ -424,19 +424,31 @@
CVE-2015-3149 [insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)]
RESERVED
- openjdk-8 <not-affected> (defective patch not applied)
-CVE-2015-3148
+CVE-2015-3148 [Negotiate not treated as connection-oriented]
RESERVED
+ - curl <unfixed>
+ NOTE: http://curl.haxx.se/docs/adv_20150422B.html
CVE-2015-3147
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3146
RESERVED
-CVE-2015-3145
+CVE-2015-3145 [cookie parser out of boundary memory access]
RESERVED
-CVE-2015-3144
+ - curl <unfixed>
+ [wheezy] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
+ [squeeze] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
+ NOTE: http://curl.haxx.se/docs/adv_20150422C.html
+CVE-2015-3144 [host name out of boundary memory access]
RESERVED
-CVE-2015-3143
+ - curl <unfixed>
+ [wheezy] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
+ [squeeze] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
+ NOTE: http://curl.haxx.se/docs/adv_20150422D.html
+CVE-2015-3143 [Re-using authenticated connection when unauthenticated]
RESERVED
+ - curl <unfixed>
+ NOTE: http://curl.haxx.se/docs/adv_20150422A.html
CVE-2015-3142
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
More information about the Secure-testing-commits
mailing list