[Secure-testing-commits] r38789 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 9 07:12:15 UTC 2016
Author: carnil
Date: 2016-01-09 07:12:15 +0000 (Sat, 09 Jan 2016)
New Revision: 38789
Modified:
data/CVE/list
Log:
Add three freeradius CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-09 00:55:46 UTC (rev 38788)
+++ data/CVE/list 2016-01-09 07:12:15 UTC (rev 38789)
@@ -597,6 +597,15 @@
CVE-2016-1505 [On MS Windows the filesystem backend allows access to the first level of files on a drive.]
RESERVED
- radicale <not-affected> (Only an issue on MS Windows)
+CVE-2015-8764 [one byte buffer overrun]
+ - freeradius <unfixed>
+ NOTE: http://freeradius.org/security.html#eap-pwd-2015
+CVE-2015-8763 [commit/confirm message payload length is not validated]
+ - freeradius <unfixed>
+ NOTE: http://freeradius.org/security.html#eap-pwd-2015
+CVE-2015-8762 [The EAP-PWD packet length is not checked before the first byte is dereferenced]
+ - freeradius <unfixed>
+ NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8751
RESERVED
- jasper <unfixed>
More information about the Secure-testing-commits
mailing list