[Secure-testing-commits] r38413 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Dec 18 13:21:20 UTC 2015


Author: carnil
Date: 2015-12-18 13:21:20 +0000 (Fri, 18 Dec 2015)
New Revision: 38413

Modified:
   data/CVE/list
Log:
Mark CVE-2015-5313 as no-dsa for jessie, update references

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-18 13:14:06 UTC (rev 38412)
+++ data/CVE/list	2015-12-18 13:21:20 UTC (rev 38413)
@@ -10698,9 +10698,12 @@
 	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
 CVE-2015-5313 [ACL bypass using ../ to access beyond storage pool]
 	RESERVED
-	- libvirt 1.3.0-1 (bug #808273; unimportant)
-	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
-	NOTE: Marked as unimportant since in Debian ACLs disabled by default and default configuration not affected
+	- libvirt 1.3.0-1 (bug #808273)
+	[jessie] - libvirt <no-dsa> (Minor issue)
+	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
+	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
+	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
+	NOTE: Broken by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c930410bebae0a45889b992a7932c663b06cbbcd (v1.1.0-rc1)
 	NOTE: http://security.libvirt.org/2015/0004.html
 CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...)
 	- libxml2 2.9.3+dfsg1-1
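Review bot: The new `[jessie] - libvirt <no-dsa> (Minor issue)` line no longer says why the issue is minor, because the removed NOTE ("in Debian ACLs disabled by default and default configuration not affected") was the only place that rationale was recorded. Consider keeping that NOTE, or moving its reasoning into the jessie parenthetical, so the no-dsa decision stays justified in the tracker entry itself. The wheezy and squeeze `<not-affected>` lines are better supported, since the added "Broken by" NOTE ties the vulnerable code to v1.1.0-rc1.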



