[Secure-testing-commits] r34220 - data/CVE

Tue May 12 21:02:20 UTC 2015

Author: ghedo
Date: 2015-05-12 21:02:20 +0000 (Tue, 12 May 2015)
New Revision: 34220

Modified:
   data/CVE/list
Log:
Add links to patches for CVE-2014-814{6,7}/icu issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-05-12 20:54:04 UTC (rev 34219)
+++ data/CVE/list	2015-05-12 21:02:20 UTC (rev 34220)
@@ -14990,6 +14990,7 @@
 	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
 	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
+	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37080
 CVE-2014-8146 [Heap overflow]
 	RESERVED
 	- icu 52.1-9 (bug #784773)
@@ -14998,6 +14999,8 @@
 	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
 	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
+	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37162
+	NOTE: The upstream patch doesn't seem to properly fix the issue.
 CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 ...)
 	{DSA-3112-1 DLA-128-1}
 	- sox 14.4.1-5 (bug #773720)


