[Secure-testing-commits] r38800 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 9 13:00:53 UTC 2016
Author: carnil
Date: 2016-01-09 13:00:53 +0000 (Sat, 09 Jan 2016)
New Revision: 38800
Modified:
data/CVE/list
Log:
Update information for lighttpd issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-09 12:38:14 UTC (rev 38799)
+++ data/CVE/list 2016-01-09 13:00:53 UTC (rev 38800)
@@ -138,8 +138,11 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/08/3
CVE-2015-XXXX [use after free / double free]
- lighttpd 1.4.39-1
+ [jessie] - lighttpd <not-affected> (Regression introduced in 1.4.36)
+ [wheezy] - lighttpd <not-affected> (Regression introduced in 1.4.36)
+ [squeeze] - lighttpd <not-affected> (Regression introduced in 1.4.36)
NOTE: http://redmine.lighttpd.net/issues/2700
- TODO: check older versions, seems to have been introduced in 1.4.38, but confirm
+ NOTE: Introduced in 1.4.36: http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2976
CVE-2016-1503 [heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values]
RESERVED
- dhcpcd5 <unfixed>
More information about the Secure-testing-commits
mailing list