[Secure-testing-commits] r31215 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jan 9 09:44:06 UTC 2015
Author: jmm
Date: 2015-01-09 09:44:06 +0000 (Fri, 09 Jan 2015)
New Revision: 31215
Modified:
data/CVE/list
Log:
arc no-dsa
record file DSA fixes which are not yet CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-09 09:12:11 UTC (rev 31214)
+++ data/CVE/list 2015-01-09 09:44:06 UTC (rev 31215)
@@ -39,7 +39,10 @@
CVE-2015-XXXX [CHM decompression: division by zero]
- libmspack <unfixed> (bug #774725)
CVE-2015-XXXX [directory traversal]
- - arc <unfixed> (bug #774527)
+ - arc <unfixed> (low; bug #774527)
+ [squeeze] - arc <no-dsa> (Minor issue)
+ [wheezy] - arc <no-dsa> (Minor issue)
+ [jessie] - arc <no-dsa> (Minor issue)
CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any prompt]
- lftp <unfixed> (bug #774769)
CVE-2014-XXXX [possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins]
@@ -1034,6 +1037,7 @@
CVE-2014-XXXX [Limit the number of ELF notes processed - DoS]
- file 1:5.21+15-1
[squeeze] - file <not-affected> (Introduced in 5.08)
+ [wheezy] - file 5.11-2+deb7u7
- php5 <unfixed>
NOTE: Report: http://mx.gw.com/pipermail/file/2014/001653.html
NOTE: Fix: https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
@@ -1059,6 +1063,7 @@
NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
CVE-2014-XXXX [out-of-bounds memory access]
- file 1:5.21+15-1
+ [wheezy] - file 5.11-2+deb7u7
- php5 <unfixed>
NOTE: http://bugs.gw.com/view.php?id=398
NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
More information about the Secure-testing-commits
mailing list