[Secure-testing-commits] r37007 - data/CVE
Henri Salo
fgeek-guest at moszumanska.debian.org
Tue Oct 6 05:40:35 UTC 2015
Author: fgeek-guest
Date: 2015-10-06 05:40:35 +0000 (Tue, 06 Oct 2015)
New Revision: 37007
Modified:
data/CVE/list
Log:
CVE-2015-5261/spice
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-06 05:23:02 UTC (rev 37006)
+++ data/CVE/list 2015-10-06 05:40:35 UTC (rev 37007)
@@ -5929,8 +5929,11 @@
NOTE: Proposed patch for commons-httpclient: https://bugzilla.redhat.com/show_bug.cgi?id=1259892
NOTE: Checked that both 4.0.1 (in Squeeze) and 4.1.1 (in Wheezy) have the call to set the timout before the SSL connection is opened.
NOTE: Jessie's 4.3.5-2 is however missing the upstream patch: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.3.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?r1=1560975&r2=1626784
-CVE-2015-5261
+CVE-2015-5261 [host memory access from guest using crafted images]
RESERVED
+ - spice <unfixed>
+ TODO: check
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261889
CVE-2015-5260 [Insufficient validation of surface_id parameter can cause crash]
RESERVED
- spice <unfixed>
More information about the Secure-testing-commits
mailing list