[Secure-testing-commits] r30913 - data/CVE

Salvatore Bonaccorso Mon, 22 Dec 2014 06:31:58 -0800

Author: carnil
Date: 2014-12-22 14:31:04 +0000 (Mon, 22 Dec 2014)
New Revision: 30913


Modified:
   data/CVE/list
Log:
Add three CVEs for unzip

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-12-22 14:15:05 UTC (rev 30912)
+++ data/CVE/list       2014-12-22 14:31:04 UTC (rev 30913)
@@ -3921,12 +3921,15 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
        NOTE: Only affects an inherently insecure use case
-CVE-2014-8141
+CVE-2014-8141 [heap overflow in getZip64Data]
        RESERVED
-CVE-2014-8140
+       - unzip <unfixed>
+CVE-2014-8140 [heap overflow in test_compr_eb]
        RESERVED
-CVE-2014-8139
+       - unzip <unfixed>
+CVE-2014-8139 [CRC32 heap overflow]
        RESERVED
+       - unzip <unfixed>
 CVE-2014-8138 [heap overflow in jp2_decode()]
        RESERVED
        {DSA-3106-1}


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r30913 - data/CVE

Reply via email to