[Secure-testing-commits] r34089 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed May 6 03:32:06 UTC 2015


Author: carnil
Date: 2015-05-06 03:32:06 +0000 (Wed, 06 May 2015)
New Revision: 34089

Modified:
   data/CVE/list
Log:
Mark two docker.io CVEs as fixed in unstable

NOTE: Actually the two CVE assignments are not that clear, see as well
follow-ups on oss-security. But Red Hat's docker.io maintainer confirmed
for both to be fixed in 1.5.

https://marc.info/?l=oss-security&m=142724143406574&w=2 gives a bit more
of information but not enough to state what the issues are exactly.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-06 00:26:36 UTC (rev 34088)
+++ data/CVE/list	2015-05-06 03:32:06 UTC (rev 34089)
@@ -36220,11 +36220,11 @@
 	NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
 CVE-2014-0048 [multiple files downloaded over HTTP and executed or used unsafely]
 	RESERVED
-	- docker.io <unfixed>
+	- docker.io 1.6.0+dfsg1-1
 	NOTE: According to Red Hat bug no longer present in 1.5
 CVE-2014-0047 [multiple temporary file creation vulnerabilities]
 	RESERVED
-	- docker.io <unfixed>
+	- docker.io 1.6.0+dfsg1-1
 	NOTE: According to Red Hat bug no longer present in 1.5
 CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in ...)
 	NOT-FOR-US: ember.js




More information about the Secure-testing-commits mailing list