[Secure-testing-commits] r24895 - data/CVE

Salvatore Bonaccorso Thu, 26 Dec 2013 02:05:23 -0800

Author: carnil
Date: 2013-12-26 10:04:41 +0000 (Thu, 26 Dec 2013)
New Revision: 24895


Modified:
   data/CVE/list
Log:
Add CVE-2013-6441, but this CVE is somehow disputed, see NOTE

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-12-26 09:53:55 UTC (rev 24894)
+++ data/CVE/list       2013-12-26 10:04:41 UTC (rev 24895)
@@ -3012,6 +3012,10 @@
        RESERVED
 CVE-2013-6441
        RESERVED
+       - lxc <unfixed>
+       NOTE: "disputed" CVE assignement, as having root to the container allows
+       NOTE: getting root on host, if not using unprivileged containers or
+       NOTE: restricting the containers with apparmor or selinux.
 CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter]
        RESERVED
        - opensaml2 <not-affected> (Debian provides the C-based Shibboleth 
implementation)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r24895 - data/CVE

Reply via email to