[Secure-testing-commits] r44745 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Sep 19 21:40:36 UTC 2016
Author: jmm
Date: 2016-09-19 21:40:36 +0000 (Mon, 19 Sep 2016)
New Revision: 44745
Modified:
data/CVE/list
Log:
bash unimportant
mutt unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-19 21:34:07 UTC (rev 44744)
+++ data/CVE/list 2016-09-19 21:40:36 UTC (rev 44745)
@@ -25016,12 +25016,13 @@
NOT-FOR-US: Oracle
CVE-2016-0634 [bash prompt expanding return value from gethostname()]
RESERVED
- - bash 4.4-1
- [jessie] - bash <no-dsa> (Minor issue)
- [wheezy] - bash <no-dsa> (Minor issue)
+ - bash 4.4-1 (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
NOTE: Fixed bin Bash upstream bash-4.4
+ NOTE: This doesn't cross any reasonable security boundaries, an attacker with the
+ NOTE: ability to modify the hostname in an arbitrary manner is in the position to
+ NOTE: exploit various other system components anyway
CVE-2016-0633
RESERVED
CVE-2016-0632
@@ -49460,11 +49461,9 @@
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...)
NOT-FOR-US: Hancom Office 2010 SE
CVE-2015-XXXX [smime_keys: insecure use of /tmp]
- - mutt 1.5.24-1 (low; bug #775199)
- [jessie] - mutt <no-dsa> (Minor issue)
- [wheezy] - mutt <no-dsa> (Minor issue)
- [squeeze] - mutt <no-dsa> (Minor issue)
+ - mutt 1.5.24-1 (unimportant; bug #775199)
NOTE: http://dev.mutt.org/hg/mutt/rev/babc30377614
+ NOTE: Rendered non-exploitable by Linux hardening since wheezy
CVE-2015-XXXX [djvudigital: insecure use of /tmp]
- djvulibre 3.5.27.1-3 (bug #775193)
[jessie] - djvulibre <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list