[Secure-testing-commits] r33263 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Mar 30 20:48:40 UTC 2015
Author: carnil
Date: 2015-03-30 20:48:40 +0000 (Mon, 30 Mar 2015)
New Revision: 33263
Modified:
data/CVE/list
Log:
Add CVE-2014-8119/netcf
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-30 20:34:08 UTC (rev 33262)
+++ data/CVE/list 2015-03-30 20:48:40 UTC (rev 33263)
@@ -11934,8 +11934,13 @@
- eglibc <removed> (low)
CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...)
NOT-FOR-US: Thermostat Hotspot instrumentation
-CVE-2014-8119
+CVE-2014-8119 [augeas path expression injection via interface name]
RESERVED
+ - netcf <unfixed>
+ NOTE: Issue is in the way the netcf's find_ifcfg_path() function processed
+ NOTE: certain XPath expressions according to Red Hat bugzilla. But augeas has
+ NOTE: as well recieved a fix to completely fix the issue.
+ TODO: check
CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to ...)
{DSA-3129-1 DLA-140-1}
- rpm 4.11.3-1.1 (bug #773101)
More information about the Secure-testing-commits
mailing list