[Secure-testing-commits] r35502 - data/CVE
Alessandro Ghedini
ghedo at moszumanska.debian.org
Thu Jul 16 12:20:27 UTC 2015
Author: ghedo
Date: 2015-07-16 12:20:27 +0000 (Thu, 16 Jul 2015)
New Revision: 35502
Modified:
data/CVE/list
Log:
Reconsider CVE-2015-2059/libidn severity
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-16 11:51:36 UTC (rev 35501)
+++ data/CVE/list 2015-07-16 12:20:27 UTC (rev 35502)
@@ -11196,9 +11196,12 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
CVE-2015-2059
RESERVED
- - libidn 1.31-1 (unimportant)
+ - libidn 1.31-1
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
- NOTE: Mis-use of an API (even if poorly documented) is hardly a security issue
+ NOTE: This could be attributed to a misuse of a (poorly documented) API
+ NOTE: but since upstream provided a patch it makes more sense to fix
+ NOTE: only libidn instead of every application using it
CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in ...)
{DSA-3209-1 DLA-203-1}
- openldap 2.4.40-4 (bug #776988)
More information about the Secure-testing-commits
mailing list