[Secure-testing-commits] r34804 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jun 8 17:45:52 UTC 2015
Author: carnil
Date: 2015-06-08 17:45:52 +0000 (Mon, 08 Jun 2015)
New Revision: 34804
Modified:
data/CVE/list
Log:
Add one policykit-1 issue, CVE requested, needs to be checked
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-08 13:48:08 UTC (rev 34803)
+++ data/CVE/list 2015-06-08 17:45:52 UTC (rev 34804)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [cookie generator can wrap and two identical cookies could exist; DoS]
+ - policykit-1 <unfixed>
+ NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
+ NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/08/3
+ TODO: check
CVE-2015-4412 [ruby-bson: DoS and possible injection, with durran 2013-04-07 commit]
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
More information about the Secure-testing-commits
mailing list