[Secure-testing-commits] r37083 - in data: CVE DSA
Alessandro Ghedini
ghedo at moszumanska.debian.org
Mon Oct 12 12:50:24 UTC 2015
Author: ghedo
Date: 2015-10-12 12:50:24 +0000 (Mon, 12 Oct 2015)
New Revision: 37083
Modified:
data/CVE/list
data/DSA/list
Log:
Remove workaround for twig issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-12 12:50:11 UTC (rev 37082)
+++ data/CVE/list 2015-10-12 12:50:24 UTC (rev 37083)
@@ -82,11 +82,9 @@
TODO: check
CVE-2015-7765 (ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a ...)
TODO: check
-CVE-2015-7809 [arbitrary code execution via the _self variable]
+CVE-2015-7809 [sandbox issue]
RESERVED
- twig 1.20.0-1
- [jessie] - twig 1.16.2-1+deb8u1
- NOTE: Add jessie-tagged workaround item until CVE assigned
NOTE: http://symfony.com/blog/security-release-twig-1-20-0
CVE-2015-7804 [Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"]
RESERVED
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2015-10-12 12:50:11 UTC (rev 37082)
+++ data/DSA/list 2015-10-12 12:50:24 UTC (rev 37083)
@@ -100,6 +100,7 @@
[wheezy] - php5 5.4.44-0+deb7u1
[jessie] - php5 5.6.12+dfsg-0+deb8u1
[26 Aug 2015] DSA-3343-1 twig - security update
+ {CVE-2015-7809}
[jessie] - twig 1.16.2-1+deb8u1
[20 Aug 2015] DSA-3342-1 vlc - security update
{CVE-2015-5949}
More information about the Secure-testing-commits
mailing list