[Secure-testing-commits] r37072 - data/CVE
Henri Salo
fgeek-guest at moszumanska.debian.org
Mon Oct 12 05:09:32 UTC 2015
Author: fgeek-guest
Date: 2015-10-12 05:09:32 +0000 (Mon, 12 Oct 2015)
New Revision: 37072
Modified:
data/CVE/list
Log:
CVE-2015-7809/twig
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-12 05:06:01 UTC (rev 37071)
+++ data/CVE/list 2015-10-12 05:09:32 UTC (rev 37072)
@@ -1,3 +1,8 @@
+CVE-2015-7809 [arbitrary code execution via the _self variable]
+ - twig 1.20.0-1
+ [jessie] - twig 1.16.2-1+deb8u1
+ NOTE: Add jessie-tagged workaround item until CVE assigned
+ NOTE: http://symfony.com/blog/security-release-twig-1-20-0
CVE-2015-7804 [Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"]
- php5 5.6.14+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70433
@@ -2931,12 +2936,6 @@
- drupal7 7.39-1
NOTE: https://www.drupal.org/SA-CORE-2015-003
NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
-CVE-2015-XXXX [arbitrary code execution via the _self variable]
- - twig 1.20.0-1
- [jessie] - twig 1.16.2-1+deb8u1
- NOTE: Add jessie-tagged workaround item until CVE assigned
- NOTE: http://symfony.com/blog/security-release-twig-1-20-0
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/3
CVE-2015-6673 [use-after-free vulnerability in Decoder.cpp]
RESERVED
- libpgf <unfixed> (bug #798032)
More information about the Secure-testing-commits
mailing list