[Secure-testing-commits] r44759 - data/CVE
Nicholas Luedtke
nluedtke-guest at moszumanska.debian.org
Tue Sep 20 17:45:05 UTC 2016
Author: nluedtke-guest
Date: 2016-09-20 17:45:05 +0000 (Tue, 20 Sep 2016)
New Revision: 44759
Modified:
data/CVE/list
Log:
Mark CVE-2014-8182 as not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-20 17:39:56 UTC (rev 44758)
+++ data/CVE/list 2016-09-20 17:45:05 UTC (rev 44759)
@@ -56052,12 +56052,11 @@
RESERVED
CVE-2014-8182 [crash in ldap_domain2hostlist when processing SRV records]
RESERVED
- - openldap <undetermined>
+ - openldap <not-affected> (Vulnerable code introduced in RHEL specific patch)
NOTE: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027
NOTE: Reference for upstream fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
NOTE: and: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims this flaw was never in a OpenLDAP release
- TODO: check, possibly thus not affected for all Debian versions
CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
RESERVED
- linux <not-affected> (Specific to RHEL 7)
More information about the Secure-testing-commits
mailing list