[Secure-testing-commits] r31596 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jan 22 15:24:48 UTC 2015


Author: carnil
Date: 2015-01-22 15:24:48 +0000 (Thu, 22 Jan 2015)
New Revision: 31596

Modified:
   data/CVE/list
Log:
Add one CVE for unzip

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-22 15:22:41 UTC (rev 31595)
+++ data/CVE/list	2015-01-22 15:24:48 UTC (rev 31596)
@@ -450,6 +450,11 @@
 CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
 	- lhasa 0.2.0-1
 	[wheezy] - lhasa <no-dsa> (Minor issue)
+CVE-2014-9636 [OOB access (both read and write) issues in test_compr_eb]
+	- unzip <unfixed>
+	NOTE: http://seclists.org/oss-sec/2014/q4/489
+	NOTE: http://seclists.org/oss-sec/2014/q4/507
+	NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
 CVE-2014-9635 [HttpOnly flag not set]
 	- jenkins 1.565.3-3 (bug #769682)
 CVE-2014-9634 [Secure flag not set]
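
Review bot: The "- unzip <unfixed>" line in the new CVE-2014-9636 entry carries no bug reference, unlike the jenkins entry directly below it, which has "(bug #769682)". If a bug is filed against unzip for this issue, add its number to that line so the entry can be tracked through to a fix. The entry also has no per-release line of the kind the lhasa entry above uses ("[wheezy] - lhasa <no-dsa> (Minor issue)"); one would be worth adding once the released suites are triaged.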



