[Git][security-tracker-team/security-tracker][master] Update information for CVE-2014-9485
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 25 19:56:52 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2acf0b5d by Salvatore Bonaccorso at 2024-01-25T20:54:34+01:00
Update information for CVE-2014-9485
The reason to bump the Debian revision fixing the issue to 1.1-6 is that
only the followup update to 1.1-5 contained the full fix for both Debian
bugs #774321 and #776831. Upstream clarified their point of view as:
The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.
Add additional references to the CVE entry along.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -521770,7 +521770,8 @@ CVE-2014-XXXX [denial of service with specific packets]
NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035
CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile functi ...)
- - minizip 1.1-5 (low; bug #774321)
+ - minizip 1.1-6 (low; bug #774321; bug #776831)
+ NOTE: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01 (v1.3.1)
CVE-2014-9426 (The apprentice_load function in libmagic/apprentice.c in the Fileinfo ...)
NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific)
CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c ...)
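Review bot: The CVE-2014-9485 entry now shows 1.1-6 with two bug numbers and an upstream commit link, but nothing in the entry itself says why the fixed version moved from 1.1-5; that reasoning lives only in the commit message. Consider one more NOTE line stating that 1.1-5 did not carry the complete fix for bugs #774321 and #776831, so a reader of data/CVE/list alone can see why both bugs are tracked under a single fixed version and why the linked upstream commit (v1.3.1) is relevant to this CVE.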
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2acf0b5d219e229622ec56a81b91e324549888f2