[Secure-testing-commits] r38153 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Dec 7 20:38:48 UTC 2015


Author: carnil
Date: 2015-12-07 20:38:48 +0000 (Mon, 07 Dec 2015)
New Revision: 38153

Modified:
   data/CVE/list
Log:
Add CVE-2015-8034/salt

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-07 20:18:04 UTC (rev 38152)
+++ data/CVE/list	2015-12-07 20:38:48 UTC (rev 38153)
@@ -1159,8 +1159,11 @@
 	[squeeze] - polarssl <not-affected> (Vulnerable code introduced later)
 	NOTE: support for session tickets added in 1.3.0.
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-8034
+CVE-2015-8034 [information leak from state.sls cache data stored as world-readable]
 	RESERVED
+	- salt <unfixed>
+	NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
+	NOTE: https://github.com/saltstack/salt/issues/28455
 CVE-2014-9755
 	RESERVED
 CVE-2014-9754




More information about the Secure-testing-commits mailing list