[Secure-testing-commits] r32445 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Feb 23 21:52:52 UTC 2015


Author: carnil
Date: 2015-02-23 21:52:52 +0000 (Mon, 23 Feb 2015)
New Revision: 32445

Modified:
   data/CVE/list
Log:
CVE assigned for cabextract, #778753

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-23 21:49:32 UTC (rev 32444)
+++ data/CVE/list	2015-02-23 21:52:52 UTC (rev 32445)
@@ -920,10 +920,14 @@
 	NOTE: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
 	NOTE: arm64 affected from v3.7 to v3.18
 	NOTE: powerpc affected from v2.6.30 to 3.2
-CVE-2015-XXXX [directory traversal; related to overlong utf-8 encoding for /]
+CVE-2015-2060 [directory traversal; related to overlong utf-8 encoding for /]
 	- cabextract <unfixed> (bug #778753)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/18/3
+	NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
 	NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
+	NOTE: CVE assigned for issue were path traversal occurs because the unpatched
+	NOTE: code does neither of the following: 1) checking for slashes after decoding
+	NOTE: 2) checking for ordinary slashes before decoding and prohibiting overlong
+	NOTE: encodings
 CVE-2015-XXXX [Vulnerabilities in nanohttp]
 	- libcsoap <unfixed> (bug #778599)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/2
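Review bot: The first added NOTE line under CVE-2015-2060 has a typo: "issue were path traversal occurs" should read "issue where path traversal occurs". The rewritten openwall NOTE also drops its "CVE Request:" label and leaves a bare URL, while the libcsoap entry below keeps that label; a short label on that line would tell a reader what the link is now that the id has been assigned.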



