[Secure-testing-commits] r37055 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Oct 9 04:22:44 UTC 2015
Author: carnil
Date: 2015-10-09 04:22:44 +0000 (Fri, 09 Oct 2015)
New Revision: 37055
Modified:
data/CVE/list
Log:
Restore removed status for postgresql-9.1 and postgresql-8.4, add description back
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-08 21:10:30 UTC (rev 37054)
+++ data/CVE/list 2015-10-09 04:22:44 UTC (rev 37055)
@@ -5878,16 +5878,18 @@
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-5290
RESERVED
-CVE-2015-5289
+CVE-2015-5289 [stack overflows in json parsing]
RESERVED
- postgresql-9.4 9.4.5-1
- postgresql-9.1 <not-affected> (no json datatype)
- postgresql-8.4 <not-affected> (no json datatype)
-CVE-2015-5288
+CVE-2015-5288 [vulnerable to too-short crypt() salts]
RESERVED
- postgresql-9.4 9.4.5-1
+ - postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <no-dsa> (postgresql-9.1 in jessie only provides PL/Perl)
[wheezy] - postgresql-9.1 <no-dsa> (minor issue)
+ - postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
CVE-2015-5287
More information about the Secure-testing-commits
mailing list