[Secure-testing-commits] r32244 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Feb 14 21:59:34 UTC 2015
Author: carnil
Date: 2015-02-14 21:59:33 +0000 (Sat, 14 Feb 2015)
New Revision: 32244
Modified:
data/CVE/list
Log:
Add CVE-2015-1606 and CVE-2015-1607
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-14 21:53:31 UTC (rev 32243)
+++ data/CVE/list 2015-02-14 21:59:33 UTC (rev 32244)
@@ -1,3 +1,15 @@
+CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]
+ [experimental] - gnupg2 2.1.2-1
+ - gnupg2 <unfixed>
+ - gnupg <undetermined>
+ NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
+ TODO: check
+CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
+ [experimental] - gnupg2 2.1.2-1
+ - gnupg2 <unfixed>
+ - gnupg <undetermined>
+ NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
+ TODO: check
CVE-2015-1604
NOT-FOR-US: Landsknecht Adminsystems
CVE-2015-1603
More information about the Secure-testing-commits
mailing list