[Secure-testing-commits] r35392 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 9 14:40:02 UTC 2015
Author: carnil
Date: 2015-07-09 14:40:01 +0000 (Thu, 09 Jul 2015)
New Revision: 35392
Modified:
data/CVE/list
Log:
Mark gksu issue as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-09 13:00:59 UTC (rev 35391)
+++ data/CVE/list 2015-07-09 14:40:01 UTC (rev 35392)
@@ -32769,6 +32769,8 @@
RESERVED
CVE-2014-2886 (GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) ...)
- gksu <unfixed>
+ [jessie] - gksu <no-dsa> (Minor issue)
+ [wheezy] - gksu <no-dsa> (Minor issue)
[squeeze] - gksu <no-dsa> (Minor issue)
NOTE: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
NOTE: In Debian libgksu installs two alternatives gconf-defaults.libgksu-sudo
More information about the Secure-testing-commits
mailing list