Author: carnil Date: 2014-01-08 05:14:58 +0000 (Wed, 08 Jan 2014) New Revision: 25086
Modified: data/CVE/list Log: Add back information for CVE-2013-6441 Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-01-07 22:30:57 UTC (rev 25085) +++ data/CVE/list 2014-01-08 05:14:58 UTC (rev 25086) @@ -4047,11 +4047,14 @@ RESERVED CVE-2013-6442 RESERVED -CVE-2013-6441 +CVE-2013-6441 [lxc: sshd template allow privilege escalation on host] RESERVED - NOTE: "disputed" CVE assignment for lxc, as having root to the container allows + - lxc <unfixed> (unimportant) + [wheezy] - lxc <no-dsa> (Minor issue; see NOTE) + [squeeze] - lxc <no-dsa> (Minor issue; see NOTE) NOTE: getting root on host, if not using unprivileged containers or NOTE: restricting the containers with apparmor or selinux. + NOTE: CVE is kept as no official documentation explicitly document this fact CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter] RESERVED - opensaml2 <not-affected> (Debian provides the C-based Shibboleth implementation) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits