[Secure-testing-commits] r39379 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jan 31 11:54:31 UTC 2016
Author: carnil
Date: 2016-01-31 11:54:31 +0000 (Sun, 31 Jan 2016)
New Revision: 39379
Modified:
data/CVE/list
Log:
Update information for CVE-2015-8630
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-31 11:54:21 UTC (rev 39378)
+++ data/CVE/list 2016-01-31 11:54:31 UTC (rev 39379)
@@ -2962,7 +2962,11 @@
CVE-2015-8630 [krb5 doesn't check for null policy when KADM5_POLICY is set in the mask]
RESERVED
- krb5 <unfixed> (bug #813127)
+ [wheezy] - krb5 <not-affected> (Vulnerability introduced in 1.12)
+ [squeeze] - krb5 <not-affected> (Vulnerability introduced in 1.12)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
+ NOTE: Introduced by: https://github.com/krb5/krb5/commit/0780e46fc13dbafa177525164997cd204cc50b51 (krb5-1.12-alpha1)
+ TODO: double checking with maintainers if assessment for wheezy and before is correct
CVE-2015-8629 [xdr_nullstring() doesn't check for terminating null character]
RESERVED
- krb5 <unfixed> (bug #813296)
More information about the Secure-testing-commits
mailing list