[Secure-testing-commits] r34475 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon May 25 03:22:47 UTC 2015


Author: carnil
Date: 2015-05-25 03:22:47 +0000 (Mon, 25 May 2015)
New Revision: 34475

Modified:
   data/CVE/list
Log:
libinfinity seem to have recieved CVE-2015-3886 assigned

Strange but possibly off-list and not recieved to the oss-security list
where the request happened.

Add as well fixed version for the upload to unstable and reference to
bugreport in BTS.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-24 19:36:19 UTC (rev 34474)
+++ data/CVE/list	2015-05-25 03:22:47 UTC (rev 34475)
@@ -417,8 +417,6 @@
 	RESERVED
 	NOT-FOR-US: proxychains-ng
 	NOTE: proxychains does not contain the vulnerable code
-CVE-2015-3886
-	RESERVED
 CVE-2015-3884
 	RESERVED
 CVE-2015-3883
@@ -581,11 +579,13 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/12/7
 	NOTE: https://www.sqlite.org/cgi/src/info/f71053cf658b3260
 	NOTE: https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html
-CVE-2015-XXXX [does not correctly check certificates for validity]
-	- libinfinity <unfixed>
+CVE-2015-3886 [does not correctly check certificates for validity]
+	- libinfinity 0.6.6-1 (bug #783601)
+	[jessie] - libinfinity <no-dsa> (Will be fixed through a point release update, cf. #786720)
+	[wheezy] - libinfinity <no-dsa> (Can be fixed thorugh a point release update)
 	NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
 	NOTE: https://github.com/gobby/gobby/issues/61
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/12/1
+	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/1
 CVE-2015-3815
 	RESERVED
 	- wireshark 1.12.5+g5819e5b-1




More information about the Secure-testing-commits mailing list