[Secure-testing-commits] r49957 - in data: . CVE

Raphaël Hertzog Thu, 23 Mar 2017 03:18:14 -0700

Author: hertzog
Date: 2017-03-23 10:17:57 +0000 (Thu, 23 Mar 2017)
New Revision: 49957


Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark CVE-2014-9938 as not affecting wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-23 09:43:09 UTC (rev 49956)
+++ data/CVE/list       2017-03-23 10:17:57 UTC (rev 49957)
@@ -2048,8 +2048,10 @@
        RESERVED
 CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not 
sanitize ...)
        - git 1:2.0.0~rc2-1
+       [wheezy] - git <not-affected> (Vulnerable code introduced in 1.8.1-rc0)
        NOTE: 
https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
        NOTE: https://github.com/njhartwell/pw3nage
+       NOTE: Vulnerability likely introduced by the "pc_mode" in 
https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
 CVE-2014-9937
        RESERVED
 CVE-2014-9936

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-03-23 09:43:09 UTC (rev 49956)
+++ data/dla-needed.txt 2017-03-23 10:17:57 UTC (rev 49957)
@@ -35,8 +35,6 @@
 --
 gdk-pixbuf (Emilio Pozuelo)
 --
-git (Raphaël Hertzog)
---
 graphicsmagick
   NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more 
issues?
   NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next 
upload.


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r49957 - in data: . CVE

Reply via email to