[Secure-testing-commits] r38334 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 15 18:34:38 UTC 2015
Author: carnil
Date: 2015-12-15 18:34:38 +0000 (Tue, 15 Dec 2015)
New Revision: 38334
Modified:
data/CVE/list
Log:
Add CVE-2015-1336/man-db
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-15 18:29:11 UTC (rev 38333)
+++ data/CVE/list 2015-12-15 18:34:38 UTC (rev 38334)
@@ -22213,8 +22213,11 @@
NOTE: add it, as we have an explicit (bug) reference for apport
CVE-2015-1337 (Simple Streams (simplestreams) does not properly verify the GPG ...)
NOT-FOR-US: simplestreams
-CVE-2015-1336
+CVE-2015-1336 [TOCTOU bug when processing catman pages]
RESERVED
+ - man-db <unfixed>
+ NOTE: http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
CVE-2015-1335 (lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local ...)
{DSA-3400-1}
- lxc 1:1.0.8-1 (bug #800471)
More information about the Secure-testing-commits
mailing list