[Secure-testing-commits] r41262 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Apr 28 17:12:00 UTC 2016


Author: carnil
Date: 2016-04-28 17:12:00 +0000 (Thu, 28 Apr 2016)
New Revision: 41262

Modified:
   data/CVE/list
Log:
Update status for CVE-2015-0857/tardiff

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-28 17:09:25 UTC (rev 41261)
+++ data/CVE/list	2016-04-28 17:12:00 UTC (rev 41262)
@@ -35874,9 +35874,12 @@
 CVE-2015-0858 [/tmp race condition in handling temporary directory]
 	RESERVED
 	- tardiff 0.1-3
-CVE-2015-0857 [shell command injection through file names]
+CVE-2015-0857 [shell command injection through file names and tar file name itself]
 	RESERVED
-	- tardiff 0.1-3
+	- tardiff <unfixed>
+	NOTE: Assignment is done for injection through file names and tar file name itself
+	NOTE: First part was addressed in 0.1-3 but does not contain the fix for the tar
+	NOTE: file name itself.
 CVE-2015-0856 (daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the ...)
 	- sddm 0.12.0-5 (bug #803336; low)
 	NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593
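
Review bot: The new "- tardiff <unfixed>" line for CVE-2015-0857 carries no bug reference or urgency, unlike the neighbouring "- sddm 0.12.0-5 (bug #803336; low)" entry, so nothing ties the still-open tar file name injection to a report that can be followed to a fix. Consider adding the Debian bug number for the remaining part once one exists. The second NOTE is also ambiguous about its subject ("First part was addressed in 0.1-3 but does not contain the fix"): wording such as "0.1-3 addressed the first part but does not contain the fix for the tar file name itself" would make clear that 0.1-3 is the version lacking the fix.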



