[Secure-testing-commits] r56320 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 1 11:25:12 UTC 2017
Author: carnil
Date: 2017-10-01 11:25:12 +0000 (Sun, 01 Oct 2017)
New Revision: 56320
Modified:
data/CVE/list
Log:
Add upstream reference for CVE-2015-1426/facter
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-01 11:15:10 UTC (rev 56319)
+++ data/CVE/list 2017-10-01 11:25:12 UTC (rev 56320)
@@ -94549,6 +94549,7 @@
[squeeze] - facter <not-affected> (Uses version 2008-02-01 of the EC2 API which does not expose security credentials)
[wheezy] - facter <no-dsa> (Minor issue)
NOTE: http://puppetlabs.com/security/cve/cve-2015-1426
+ NOTE: https://tickets.puppetlabs.com/browse/FACT-800
NOTE: The assessment for Squeeze being unaffected is based on the fact that the code accesses http://169.254.169.254/2008-02-01/meta-data/ and that http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html mentions the iam/security-credentials/role key as being introduced in version 2012-01-12.
CVE-2015-1493 (Directory traversal vulnerability in the min_get_slash_argument ...)
- moodle 2.7.5+dfsg-1
More information about the Secure-testing-commits
mailing list