Author: ghedo Date: 2015-07-16 12:20:27 +0000 (Thu, 16 Jul 2015) New Revision: 35502
Modified: data/CVE/list Log: Reconsider CVE-2015-2059/libidn severity Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-07-16 11:51:36 UTC (rev 35501) +++ data/CVE/list 2015-07-16 12:20:27 UTC (rev 35502) @@ -11196,9 +11196,12 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13 CVE-2015-2059 RESERVED - - libidn 1.31-1 (unimportant) + - libidn 1.31-1 + NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25 NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e - NOTE: Mis-use of an API (even if poorly documented) is hardly a security issue + NOTE: This could be attributed to a misuse of a (poorly documented) API + NOTE: but since upstream provided a patch it makes more sense to fix + NOTE: only libidn instead of every application using it CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in ...) {DSA-3209-1 DLA-203-1} - openldap 2.4.40-4 (bug #776988) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits