[Secure-testing-commits] r34149 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat May 9 14:08:12 UTC 2015


Author: carnil
Date: 2015-05-09 14:08:12 +0000 (Sat, 09 May 2015)
New Revision: 34149

Modified:
   data/CVE/list
Log:
Specify not-affected status for CVE-2015-0971

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-09 11:28:00 UTC (rev 34148)
+++ data/CVE/list	2015-05-09 14:08:12 UTC (rev 34149)
@@ -7673,8 +7673,8 @@
 CVE-2015-0971 [TLS/DER parsing issue]
 	RESERVED
 	- suricata 2.0.8-1
-	[wheezy] - suricata <not-affected> (Vulnerable code not present)
-	[squeeze] - suricata <not-affected> (Vulnerable code not present)
+	[wheezy] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
+	[squeeze] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
 	NOTE: http://suricata-ids.org/2015/05/06/suricata-2-0-8-available/
 	NOTE: Patch: https://github.com/inliniac/suricata/commit/fa73a0bb8f312fd0a95cc70f6b3ee4e4997bdba7
 CVE-2015-0970 (Cross-site request forgery (CSRF) vulnerability in SearchBlox before ...)




More information about the Secure-testing-commits mailing list