[Secure-testing-commits] r33094 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Mar 23 21:05:22 UTC 2015
Author: carnil
Date: 2015-03-23 21:05:19 +0000 (Mon, 23 Mar 2015)
New Revision: 33094
Modified:
data/CVE/list
Log:
Add two tor issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-23 21:03:00 UTC (rev 33093)
+++ data/CVE/list 2015-03-23 21:05:19 UTC (rev 33094)
@@ -1,3 +1,16 @@
+CVE-2015-XXXX [Assertion failure in dns.c, possibly connected to UDP DoS attack]
+ - tor 0.2.5.11-1
+ [wheezy] - tor 0.2.4.26-1
+ [squeeze] - tor 0.2.4.26-1~deb6u1
+ NOTE: https://bugs.torproject.org/14129
+ NOTE: No CVE requested yet
+CVE-2015-XXXX [relay could crash with an assertion]
+ - tor 0.2.5.11-1
+ [wheezy] - tor 0.2.4.26-1
+ [squeeze] - tor 0.2.4.26-1~deb6u1
+ NOTE: added workaround, add to data/D[L|S]A/list
+ NOTE: https://trac.torproject.org/projects/tor/ticket/15083
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/23/17
CVE-2015-XXXX [sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer]
- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
- linux-2.6 <not-affected> (Introduced in 3.19, never uploaded to unstable)
More information about the Secure-testing-commits
mailing list