[Secure-testing-commits] r38408 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 18 09:20:08 UTC 2015
Author: carnil
Date: 2015-12-18 09:20:08 +0000 (Fri, 18 Dec 2015)
New Revision: 38408
Modified:
data/CVE/list
Log:
Add CVE-2015-5313/libvirt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-18 09:16:04 UTC (rev 38407)
+++ data/CVE/list 2015-12-18 09:20:08 UTC (rev 38408)
@@ -10690,8 +10690,12 @@
NOTE: http://w1.fi/security/2015-7/
NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
-CVE-2015-5313
+CVE-2015-5313 [ACL bypass using ../ to access beyond storage pool]
RESERVED
+ - libvirt <unfixed> (bug #808273; unimportant)
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
+ NOTE: Marked as unimportant since in Debian ACLs disabled by default and default configuration not affected
+ NOTE: http://security.libvirt.org/2015/0004.html
CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...)
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e (v2.9.3)
More information about the Secure-testing-commits
mailing list