[Secure-testing-commits] r34953 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jun 15 17:42:42 UTC 2015


Author: carnil
Date: 2015-06-15 17:42:42 +0000 (Mon, 15 Jun 2015)
New Revision: 34953

Modified:
   data/CVE/list
Log:
Update CVE-2015-1850 and CVE-2015-1851

According to Red Hat Bugzilla information there were actually two CVEs
assigned. CVE-2015-1850 was for the issue in nova, CVE-2015-1851 for the
issue in cinder.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-15 17:07:59 UTC (rev 34952)
+++ data/CVE/list	2015-06-15 17:42:42 UTC (rev 34953)
@@ -7139,13 +7139,17 @@
 	[jessie] - python-keystoneclient <no-dsa> (Minor issue)
 	[wheezy] - python-keystoneclient <not-affected> (s3_token middleware not present)
 	NOTE: https://launchpad.net/bugs/1411063
-CVE-2015-1851
+CVE-2015-1851 [Host file disclosure through qcow2 backing file]
 	RESERVED
-CVE-2015-1850 [Format-guessing and file disclosure in image convert]
+	- cinder <unfixed>
+	NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231817
+	NOTE: https://bugs.launchpad.net/cinder/+bug/1415087
+CVE-2015-1850 [Host file disclosure through qcow2 backing file]
 	RESERVED
-	- cinder <unfixed>
 	- nova <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231816
 	NOTE: https://bugs.launchpad.net/cinder/+bug/1415087
 CVE-2015-1849
 	RESERVED




More information about the Secure-testing-commits mailing list