[Secure-testing-commits] r33027 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Mar 21 08:27:58 UTC 2015
Author: carnil
Date: 2015-03-21 08:27:58 +0000 (Sat, 21 Mar 2015)
New Revision: 33027
Modified:
data/CVE/list
Log:
Add possibly new dulwich issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-21 08:27:41 UTC (rev 33026)
+++ data/CVE/list 2015-03-21 08:27:58 UTC (rev 33027)
@@ -8,6 +8,11 @@
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/20/12
TODO: check affected versions
+CVE-2014-XXXX [dulwich: does not reject commits with invalid paths]
+ - dulwich <unfixed>
+ NOTE: From https://lists.launchpad.net/dulwich-users/msg00827.html, dulwich clone
+ NOTE: happily clones such a repo with a commit containing .git/hooks/pre-commit
+ TODO: clarify if same CVE scope as of CVE-2014-9390
CVE-2015-2348
RESERVED
CVE-2015-2347
More information about the Secure-testing-commits
mailing list