[Secure-testing-commits] r45071 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Oct 5 17:12:16 UTC 2016
Author: carnil
Date: 2016-10-05 17:12:15 +0000 (Wed, 05 Oct 2016)
New Revision: 45071
Modified:
data/CVE/list
Log:
Reorder second entry relative to #839260
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-05 17:09:33 UTC (rev 45070)
+++ data/CVE/list 2016-10-05 17:12:15 UTC (rev 45071)
@@ -1,3 +1,9 @@
+CVE-2016-XXXX [.libfile doesn't check PermitFileReading array, allowing remote file disclosure]
+ - ghostscript <unfixed> (high; bug #839260)
+ NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
+ NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
+ NOTE: Patch: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=cf046d2
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-XXXX [various userparams allow %pipe% in paths, allowing remote shell command execution]
- ghostscript <unfixed> (high; bug #839260)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
@@ -23,10 +29,6 @@
- nss 2:3.23-1 (low)
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
-CVE-2016-XXXX [ghostscript: various sandbox escapes]
- - ghostscript <unfixed> (high; bug #839260)
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/29/3
- NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697169
CVE-2016-8390
RESERVED
CVE-2016-8389
More information about the Secure-testing-commits
mailing list