[Secure-testing-commits] r41265 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Apr 28 20:24:26 UTC 2016
Author: carnil
Date: 2016-04-28 20:24:26 +0000 (Thu, 28 Apr 2016)
New Revision: 41265
Modified:
data/CVE/list
Log:
Update status for tardiff, CVE-2015-0857 fixed for 0.1-5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-28 20:19:20 UTC (rev 41264)
+++ data/CVE/list 2016-04-28 20:24:26 UTC (rev 41265)
@@ -35880,12 +35880,15 @@
CVE-2015-0858 [/tmp race condition in handling temporary directory]
RESERVED
- tardiff 0.1-3
+ NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
CVE-2015-0857 [shell command injection through file names and tar file name itself]
RESERVED
- - tardiff <unfixed>
+ - tardiff 0.1-5
+ NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
NOTE: Assignment is done for injection through file names and tar file name itself
NOTE: First part was addressed in 0.1-3 but does not contain the fix for the tar
NOTE: file name itself.
+ NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965
CVE-2015-0856 (daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the ...)
- sddm 0.12.0-5 (bug #803336; low)
NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593
More information about the Secure-testing-commits
mailing list