[Secure-testing-commits] r35673 - data/CVE

Luca Bruno lucab at moszumanska.debian.org
Fri Jul 24 10:26:53 UTC 2015


Author: lucab
Date: 2015-07-24 10:26:53 +0000 (Fri, 24 Jul 2015)
New Revision: 35673

Modified:
   data/CVE/list
Log:
Add bug reference #793465 for CVE-2015-324{5,6}/libuser

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-24 09:17:54 UTC (rev 35672)
+++ data/CVE/list	2015-07-24 10:26:53 UTC (rev 35673)
@@ -6099,12 +6099,11 @@
 	RESERVED
 CVE-2015-3246 [libuser passwd file handling]
 	RESERVED
-	- libuser <unfixed>
-	TODO: check
+	- libuser <unfixed> (bug #793465)
 CVE-2015-3245 [userhelper chfn() newline filtering]
 	RESERVED
-	- usermode <unfixed>
-	TODO: check
+	- libuser <unfixed> (bug #793465)
+	NOTE: initially attributed to usermode package, root-cause fixed in libuser instead
 CVE-2015-3244 (The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, ...)
 	NOT-FOR-US: PortletBridge component of Red Hat JBoss Portal
 CVE-2015-3243 [some log files are created world-readable]




More information about the Secure-testing-commits mailing list