[Secure-testing-commits] r37597 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Nov 6 18:46:16 UTC 2015
Author: carnil
Date: 2015-11-06 18:46:16 +0000 (Fri, 06 Nov 2015)
New Revision: 37597
Modified:
data/CVE/list
Log:
Mark CVE-2015-2698/krb5 for wheezy and jessie as not-affected
Technically the vulnerability is only introduced when applying the patch
for CVE-2015-2696 on its own. That happened for unstable with
1.13.2+dfsg-3 and fixed with 1.13.2+dfsg-4.
The prepared packages by the maintainer to be released via a DSA do
contain as well the additional commit, making this CVE not affecting
wheezy and jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-06 18:25:41 UTC (rev 37596)
+++ data/CVE/list 2015-11-06 18:46:16 UTC (rev 37597)
@@ -14856,6 +14856,8 @@
CVE-2015-2698 [memory corruption caused due to original patch for CVE-2015-2696]
RESERVED
- krb5 1.13.2+dfsg-4
+ [jessie] - krb5 <not-affected> (Only affected when applying original patch for CVE-2015-2696 only)
+ [wheezy] - krb5 <not-affected> (Only affected when applying original patch for CVE-2015-2696 only)
[squeeze] - krb5 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
CVE-2015-2697 [invalid string processing]
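Review bot: the reason text on the two added [jessie] and [wheezy] lines repeats "Only ... only" and does not record why the stable releases are safe. According to the log message, that reason is that the packages prepared for the DSA include the follow-up commit alongside the CVE-2015-2696 patch. That status holds only if the DSA actually ships both commits, so a clearer wording would be "(Original CVE-2015-2696 patch never applied on its own)". The entry should also be rechecked against the released package versions once the DSA is out.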