[Secure-testing-commits] r42941 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jul 1 07:19:20 UTC 2016
Author: carnil
Date: 2016-07-01 07:19:20 +0000 (Fri, 01 Jul 2016)
New Revision: 42941
Modified:
data/CVE/list
Log:
The git issues do not affect cgit, update CVE-2016-2324 and CVE-2016-2315
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-01 06:54:20 UTC (rev 42940)
+++ data/CVE/list 2016-07-01 07:19:20 UTC (rev 42941)
@@ -11305,10 +11305,10 @@
CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to ...)
{DSA-3521-1}
- git 1:2.8.0~rc3-1 (bug #818318)
- - cgit 1.0+git2.8.3-1
NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/2
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971328#c4
+ - cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2323
RESERVED
CVE-2016-2322
@@ -11322,8 +11322,8 @@
CVE-2016-2315 (revision.c in git before 2.7.4 uses an incorrect integer data type, ...)
{DSA-3521-1}
- git 1:2.7.0-1 (bug #818318)
- - cgit 1.0+git2.8.3-1 (bug #827405)
NOTE: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 (v2.7.0-rc0)
+ - cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...)
NOT-FOR-US: Huawei
CVE-2016-2318
More information about the Secure-testing-commits
mailing list