[Secure-testing-commits] r44155 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 26 05:45:47 UTC 2016
Author: carnil
Date: 2016-08-26 05:45:47 +0000 (Fri, 26 Aug 2016)
New Revision: 44155
Modified:
data/CVE/list
Log:
Add CVE-2016-7091/sudo
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-26 04:25:40 UTC (rev 44154)
+++ data/CVE/list 2016-08-26 05:45:47 UTC (rev 44155)
@@ -1,3 +1,11 @@
+CVE-2016-7091
+ - sudo <not-affected> (Debian not including INPUTRC in /etc/sudoers)
+ NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1339935
+ NOTE: The scope of this CVE is the entire 'INPUTRC should
+ NOTE: not be included in "env_keep" at all, or else somehow restricted'
+ NOTE: problem, which has both the information disclosure and segmentation
+ NOTE: fault outcomes.
+ NOTE: Debian does not include INPUTRC by default in /etc/sudoers
CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain privileges ...)
TODO: check
CVE-2016-7088
More information about the Secure-testing-commits
mailing list