[Secure-testing-commits] r34237 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed May 13 13:42:06 UTC 2015
Author: hertzog
Date: 2015-05-13 13:42:06 +0000 (Wed, 13 May 2015)
New Revision: 34237
Modified:
data/CVE/list
Log:
Mark haproxy's issues as not affecting squeeze (which has version 1.4.x)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-13 13:16:25 UTC (rev 34236)
+++ data/CVE/list 2015-05-13 13:42:06 UTC (rev 34237)
@@ -863,12 +863,15 @@
CVE-2015-XXXX [BUG/MAJOR: http: don't read past buffer's end in http_replace_value]
- haproxy 1.5.12-1
[jessie] - haproxy <no-dsa> (Minor issue)
+ [squeeze] - haproxy <not-affected> (Vulnerable code not present)
NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=8e05ac2044c6523c867ceaaae1f10486370eec89
NOTE: Introduced by: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=c9c2daf283011e9b9ab0af57629af47862e14e0e
CVE-2015-XXXX [BUG/MAJOR: http: prevent risk of reading past end with balance url_param]
- haproxy 1.5.12-1
[jessie] - haproxy <no-dsa> (Minor issue)
+ [squeeze] - haproxy <not-affected> (Similar check was already present)
NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=522aab39753e8ed13786bc57b03ef7ae4ffe6c87
+ NOTE: For squeeze, the above commit message implies that the fix does not need to be backported to version 1.4 and indeed, the code already contains a (different) check that limits the value of "len".
CVE-2015-XXXX [Insecure permission on directory when using spacewalk inventory]
- ansible <unfixed> (unimportant)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/02/3
More information about the Secure-testing-commits
mailing list