Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a6ac9a25 by Salvatore Bonaccorso at 2018-04-06T06:04:03+02:00 Update entry for CVE-2015-1418, keep TODO until clarified with MITRE Same issue is in src:patch as well as shown by https://bugs.debian.org/894993 and https://rachelbythebay.com/w/2018/04/05/bangpatch/ with a crafted patch file. For now associate CVE-2015-1418 as well with src:patch but clarfication with MITRE is pending if the src:patch issue should get a new identifier bsdpatch and GNU patch being different sources. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -128158,7 +128158,11 @@ CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remo NOTE: http://seclists.org/oss-sec/2015/q1/389 NOTE: Not a real security feature according the manpage and upstream CVE-2015-1418 (patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before ...) - TODO: check + - patch <unfixed> (bug #894993) + NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/ + NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc + NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig + TODO: The CVE is actually specifically for "bsdpatch", asked MITRE for clarification on scope (i.e. if we should get a new CVE for src:patch) CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, ...) - kfreebsd-10 10.2-1 (unimportant) NOTE: kfreebsd not covered by security support in Jessie View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6ac9a25a288b83168ec1cc1ea7441341face70e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6ac9a25a288b83168ec1cc1ea7441341face70e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits