[Secure-testing-commits] r35786 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 30 06:01:46 UTC 2015
Author: carnil
Date: 2015-07-30 06:01:46 +0000 (Thu, 30 Jul 2015)
New Revision: 35786
Modified:
data/CVE/list
Log:
Update information for texlive-bin insecure use of /tmp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-30 05:16:23 UTC (rev 35785)
+++ data/CVE/list 2015-07-30 06:01:46 UTC (rev 35786)
@@ -13992,12 +13992,16 @@
[jessie] - djvulibre <no-dsa> (Minor issue)
[wheezy] - djvulibre <no-dsa> (Minor issue)
[squeeze] - djvulibre <no-dsa> (Minor issue)
-CVE-2015-XXXX [mktexlsr: insecure use of /tmp]
+CVE-2015-5701 [mktexlsr: reintroduced insecure use of /tmp, in revision 36855]
+ - texlive-bin <not-affected> (Vulnerable code not reintroduced, patch mktexlsr-use-mktemp still applied)
+ NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=36626&r2=36855
+CVE-2015-5700 [mktexlsr: insecure use of /tmp, originally introduced in revision 22885]
- texlive-bin 2014.20140926.35254-5 (bug #775139)
[wheezy] - texlive-bin <no-dsa> (Minor issue)
[squeeze] - texlive-bin <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/23/22
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/28/5
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/23/22
+ NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/5
+ NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files ...)
- patch 2.7.1-7 (bug #775227)
[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
More information about the Secure-testing-commits
mailing list