[Secure-testing-commits] r38413 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 18 13:21:20 UTC 2015
Author: carnil
Date: 2015-12-18 13:21:20 +0000 (Fri, 18 Dec 2015)
New Revision: 38413
Modified:
data/CVE/list
Log:
Mark CVE-2015-5313 as no-dsa for jessie, update references
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-18 13:14:06 UTC (rev 38412)
+++ data/CVE/list 2015-12-18 13:21:20 UTC (rev 38413)
@@ -10698,9 +10698,12 @@
NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
CVE-2015-5313 [ACL bypass using ../ to access beyond storage pool]
RESERVED
- - libvirt 1.3.0-1 (bug #808273; unimportant)
- NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
- NOTE: Marked as unimportant since in Debian ACLs disabled by default and default configuration not affected
+ - libvirt 1.3.0-1 (bug #808273)
+ [jessie] - libvirt <no-dsa> (Minor issue)
+ [wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
+ [squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
+ NOTE: Broken by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c930410bebae0a45889b992a7932c663b06cbbcd (v1.1.0-rc1)
NOTE: http://security.libvirt.org/2015/0004.html
CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...)
- libxml2 2.9.3+dfsg1-1
More information about the Secure-testing-commits
mailing list