[Secure-testing-commits] r49957 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Mar 23 10:17:57 UTC 2017
Author: hertzog
Date: 2017-03-23 10:17:57 +0000 (Thu, 23 Mar 2017)
New Revision: 49957
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2014-9938 as not affecting wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-23 09:43:09 UTC (rev 49956)
+++ data/CVE/list 2017-03-23 10:17:57 UTC (rev 49957)
@@ -2048,8 +2048,10 @@
RESERVED
CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...)
- git 1:2.0.0~rc2-1
+ [wheezy] - git <not-affected> (Vulnerable code introduced in 1.8.1-rc0)
NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
NOTE: https://github.com/njhartwell/pw3nage
+ NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
CVE-2014-9937
RESERVED
CVE-2014-9936
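Review bot: The added `[wheezy]` line states the introduction point as settled ("Vulnerable code introduced in 1.8.1-rc0"), while the NOTE added below it says the vulnerability was only "likely introduced" by the "pc_mode" commit, so the `<not-affected>` verdict reads as firmer than the evidence recorded for it. Either word both lines with the same level of certainty, or add a NOTE saying how it was confirmed that commit 1bfc51ac814125de03ddf1900245e42d6ce0d250 is the origin and that it first appears in 1.8.1-rc0. Naming the git version shipped in wheezy in the parenthetical would also let a reader check the claim against 1.8.1-rc0 without looking it up.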
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-03-23 09:43:09 UTC (rev 49956)
+++ data/dla-needed.txt 2017-03-23 10:17:57 UTC (rev 49957)
@@ -35,8 +35,6 @@
--
gdk-pixbuf (Emilio Pozuelo)
--
-git (Raphaël Hertzog)
---
graphicsmagick
NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues?
NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next upload.
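Review bot: The removal of `git (Raphaël Hertzog)` and its `--` separator from data/dla-needed.txt is not covered by the log message, which only says "Mark CVE-2014-9938 as not affecting wheezy". Since the hunk itself does not show that CVE-2014-9938 was the only reason for the entry, consider adding a line to the log stating that git is dropped from dla-needed.txt because nothing else is pending for it.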