[Secure-testing-commits] r45687 - data/CVE

Salvatore Bonaccorso Thu, 27 Oct 2016 22:22:26 -0700

Author: carnil
Date: 2016-10-28 05:21:32 +0000 (Fri, 28 Oct 2016)
New Revision: 45687


Modified:
   data/CVE/list
Log:
Add CVE-2016-7032/sudo

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-10-28 05:21:23 UTC (rev 45686)
+++ data/CVE/list       2016-10-28 05:21:32 UTC (rev 45687)
@@ -5940,8 +5940,12 @@
        NOT-FOR-US: JBoss BPMS
 CVE-2016-7033 (Multiple cross-site scripting (XSS) vulnerabilities in the 
admin pages ...)
        NOT-FOR-US: JBoss BPMS
-CVE-2016-7032
+CVE-2016-7032 [noexec bypass via system() and popen()]
        RESERVED
+       - sudo 1.8.15-1
+       NOTE: https://www.sudo.ws/alerts/noexec_bypass.html
+       NOTE: This CVE is for the bypass via system() and popen(). The 
wordpexp() bypass
+       NOTE: is tracked under CVE-2016-7076.
 CVE-2016-7031 (The RGW code in Ceph before 10.0.1, when authenticated-read ACL 
is ...)
        - ceph <unfixed> (bug #838026)
        [jessie] - ceph <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r45687 - data/CVE

Reply via email to