[Secure-testing-commits] r34089 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed May 6 03:32:06 UTC 2015
Author: carnil
Date: 2015-05-06 03:32:06 +0000 (Wed, 06 May 2015)
New Revision: 34089
Modified:
data/CVE/list
Log:
Mark two docker.io CVEs as fixed in unstable
NOTE: Actually the two CVE assignments are not that clear, see as well
follow-ups on oss-security. But Red Hat's docker.io maintainer confirmed
for both to be fixed in 1.5.
https://marc.info/?l=oss-security&m=142724143406574&w=2 gives a bit more
of information but not enough to state what the issues are exactly.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-06 00:26:36 UTC (rev 34088)
+++ data/CVE/list 2015-05-06 03:32:06 UTC (rev 34089)
@@ -36220,11 +36220,11 @@
NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
CVE-2014-0048 [multiple files downloaded over HTTP and executed or used unsafely]
RESERVED
- - docker.io <unfixed>
+ - docker.io 1.6.0+dfsg1-1
NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0047 [multiple temporary file creation vulnerabilities]
RESERVED
- - docker.io <unfixed>
+ - docker.io 1.6.0+dfsg1-1
NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in ...)
NOT-FOR-US: ember.js
More information about the Secure-testing-commits
mailing list