[Secure-testing-commits] r31933 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Feb 3 15:25:40 UTC 2015
Author: jmm
Date: 2015-02-03 15:25:40 +0000 (Tue, 03 Feb 2015)
New Revision: 31933
Modified:
data/CVE/list
Log:
not an issue if a fixed curl is present (confirmed by upstream)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-03 15:24:48 UTC (rev 31932)
+++ data/CVE/list 2015-02-03 15:25:40 UTC (rev 31933)
@@ -173,11 +173,6 @@
- xen <unfixed> (low)
[wheezy] - xen <not-affected> (Only affects 4.4 and later on arm)
[squeeze] - xen <not-affected> (Only affects 4.4 and later on arm)
-CVE-2015-XXXX [AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability]
- - asterisk <unfixed>
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24676
- NOTE: http://downloads.digium.com/pub/security/AST-2015-002.html
- NOTE: Since we have a fixed curl package, we don't need this. I've pinged upstream for confirmation
CVE-2015-XXXX [AST-2015-001: File descriptor leak when incompatible codecs are offered]
- asterisk <unfixed>
[jessie] - asterisk <not-affected> (Only affects 12.x and 13.x)
More information about the Secure-testing-commits
mailing list