Author: carnil
Date: 2015-11-29 14:00:52 +0000 (Sun, 29 Nov 2015)
New Revision: 37971
Modified:
data/CVE/list
Log:
Update status for CVE-2015-0794
Note for reviewers: Please double check this update. I was not able to
find the SuSE specific change to dracut.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-29 09:43:55 UTC (rev 37970)
+++ data/CVE/list 2015-11-29 14:00:52 UTC (rev 37971)
@@ -22208,11 +22208,12 @@
CVE-2015-0795 (Multiple stack-based buffer overflows in the SafeShellExecute
method ...)
NOT-FOR-US: NetIQ
CVE-2015-0794 (modules.d/90crypt/module-setup.sh in the dracut package before
...)
- - dracut <undetermined>
+ - dracut <not-affected> (Vulnerable code not present)
NOTE: http://lists.opensuse.org/opensuse-updates/2015-11/msg00098.html
NOTE: http://lists.opensuse.org/opensuse-bugs/2015-06/msg02585.html
NOTE: http://lists.opensuse.org/opensuse-bugs/2015-06/msg02580.html
- TODO: check, possibly SuSE specific since src:dracut does not sem to
have /tmp/dracut_block_uuid.map usage
+ NOTE: This seem to be a SuSE specific issue. src:dracut does not
contain unsafe
+ NOTE: handling of a /tmp/dracut_block_uuid.map file in any checked
version.
CVE-2015-0793
RESERVED
CVE-2015-0792
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
