[Git][security-tracker-team/security-tracker][master] Slightly reorganize notes for CVE-2014-2875

Salvatore Bonaccorso carnil at debian.org
Tue Mar 31 22:12:48 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06aef80b by Salvatore Bonaccorso at 2020-03-31T23:11:50+02:00
Slightly reorganize notes for CVE-2014-2875

Add the original CVE bug to the source package and expand explanation
why the issue is not exploitable according to the analysis from Brian
May.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -263081,11 +263081,10 @@ CVE-2014-2877
 CVE-2014-2876
 	RESERVED
 CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...)
-	- lua-cgi <unfixed> (unimportant)
+	- lua-cgi <unfixed> (unimportant; bug #953037)
 	NOTE: https://github.com/keplerproject/cgilua/issues/17
-	NOTE: https://bugs.debian.org/953037
-	NOTE: https://bugs.debian.org/954300
-	NOTE: The code itself is broken and thus cannot be exploited per se if not fixed.
+	NOTE: The code itself is broken and thus cannot be exploited per se if not fixed,
+	NOTE: see details in https://bugs.debian.org/954300
 CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom Activ ...)
 	NOT-FOR-US: F-Secure Anti-Virus
 CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux kern ...)
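
Review bot: The two added NOTE lines for CVE-2014-2875 split one sentence across entries: the first ends in a comma ("...if not fixed,") and the second starts lower-case with "see details in", so either line read on its own is incomplete. Consider ending the first NOTE with a full stop and making the second a standalone "NOTE: Details: https://bugs.debian.org/954300". The commit message says the explanation is expanded, but the entry still gives only the conclusion that the code is broken and defers the reasoning to the bug report. A short in-line summary of why the code cannot work would keep the "unimportant" classification understandable without following the link.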



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06aef80b004fc34fc8d1f8bf2764d28155f03409




