[Secure-testing-commits] r32309 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Feb 18 11:10:33 UTC 2015
Author: carnil
Date: 2015-02-18 11:10:33 +0000 (Wed, 18 Feb 2015)
New Revision: 32309
Modified:
data/CVE/list
Log:
Add new libmspack/cabextract issue, needs to be checked once reference available again
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-18 09:48:55 UTC (rev 32308)
+++ data/CVE/list 2015-02-18 11:10:33 UTC (rev 32309)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [directory traversal; related to overlong utf-8 encoding for /]
+ - libmspack <unfixed>
+ - cabextract 1.4-5
+ NOTE: Starting with 1.4-5 cabextract uses the mspack system library
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/18/3
+ TODO: check, once http://sourceforge.net/p/libmspack/code/217/ reachable, currently sf in static offline mode
CVE-2015-XXXX [Vulnerabilities in nanohttp]
- libcsoap <unfixed> (bug #778599)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/2
More information about the Secure-testing-commits
mailing list