[Secure-testing-commits] r29719 - data/CVE

Wed, 29 Oct 2014 06:54:05 -0700 

Author: atomo64-guest
Date: 2014-10-29 13:53:39 +0000 (Wed, 29 Oct 2014)
New Revision: 29719

Modified:
   data/CVE/list
Log:
new glpi issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-10-29 13:40:52 UTC (rev 29718)
+++ data/CVE/list       2014-10-29 13:53:39 UTC (rev 29719)
@@ -305,8 +305,14 @@
        RESERVED
 CVE-2014-8361
        RESERVED
-CVE-2014-8360
+CVE-2014-8360 [glpi: class autoloading issue]
        RESERVED
+       - glpi <unfixed>
+       TODO: check
+       NOTE: original bug: https://forge.indepnet.net/issues/5101
+       NOTE: followup: https://forge.indepnet.net/issues/5113
+       NOTE: appears to be a generic autoloading abuse; possibly with
+       NOTE: some use of simplepie being the attack vector
 CVE-2014-8359
        RESERVED
 CVE-2014-8358


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to