[Secure-testing-commits] r31640 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 24 15:26:05 UTC 2015
Author: carnil
Date: 2015-01-24 15:26:05 +0000 (Sat, 24 Jan 2015)
New Revision: 31640
Modified:
data/CVE/list
Log:
Three CVEs assigned for linux and busybox, checks needed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-24 15:17:14 UTC (rev 31639)
+++ data/CVE/list 2015-01-24 15:26:05 UTC (rev 31640)
@@ -8,15 +8,21 @@
- node-marked <unfixed>
NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
NOTE: https://github.com/chjj/marked/issues/492
-CVE-2013-XXXX [Linux kernel crypto api unprivileged arbitrary module load]
+CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load]
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2013/3/4/70
NOTE: https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7
+CVE-2014-9644 [related to CVE-2013-7421, not handling crypto templates correctly]
+ - linux <unfixed>
+ - linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2
- NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e14dcf7cb80
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/23/7
+CVE-2014-9645 [modprobe wrongly accepts paths as module names]
+ - busybox <unfixed>
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652
+ NOTE: http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
+ TODO: check, also affects kmod?
CVE-2008-XXXX [Segfault from bad backreference]
- perl 5.20.0-1 (bug #776046)
[wheezy] - perl <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list