Author: ghedo
Date: 2015-07-16 12:20:27 +0000 (Thu, 16 Jul 2015)
New Revision: 35502

Modified:
   data/CVE/list
Log:
Reconsider CVE-2015-2059/libidn severity

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-07-16 11:51:36 UTC (rev 35501)
+++ data/CVE/list       2015-07-16 12:20:27 UTC (rev 35502)
@@ -11196,9 +11196,12 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
 CVE-2015-2059
        RESERVED
-       - libidn 1.31-1 (unimportant)
+       - libidn 1.31-1
+       NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
        NOTE: Patch: 
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
-       NOTE: Mis-use of an API (even if poorly documented) is hardly a 
security issue
+       NOTE: This could be attributed to a misuse of a (poorly documented) API
+       NOTE: but since upstream provided a patch it makes more sense to fix
+       NOTE: only libidn instead of every application using it
 CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c 
in ...)
        {DSA-3209-1 DLA-203-1}
        - openldap 2.4.40-4 (bug #776988)
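
Review bot: in the CVE-2015-2059 entry, dropping `(unimportant)` from `- libidn 1.31-1` changes how the issue is triaged, but the three added NOTE lines only explain why the fix belongs in libidn and do not say what follow-up is expected for libidn versions older than 1.31-1. Consider adding a NOTE or a per-release line that records the intended handling, so the reclassification in the log message ("Reconsider CVE-2015-2059/libidn severity") is also visible in the entry itself. The new oss-security link (2015/02/23/25) would also benefit from a few words saying what it documents, as the Patch NOTE below it does for the upstream commit.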


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
