Author: nluedtke-guest
Date: 2016-09-20 17:45:05 +0000 (Tue, 20 Sep 2016)
New Revision: 44759

Modified:
   data/CVE/list
Log:
Mark CVE-2014-8182 as not affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-20 17:39:56 UTC (rev 44758)
+++ data/CVE/list       2016-09-20 17:45:05 UTC (rev 44759)
@@ -56052,12 +56052,11 @@
        RESERVED
 CVE-2014-8182 [crash in ldap_domain2hostlist when processing SRV records]
        RESERVED
-       - openldap <undetermined>
+       - openldap <not-affected> (Vulnerable code introduced in RHEL specific 
patch)
        NOTE: 
http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027
        NOTE: Reference for upstream fix: 
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
        NOTE: and: 
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims 
this flaw was never in a OpenLDAP release
-       TODO: check, possibly thus not affected for all Debian versions
 CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
        RESERVED
        - linux <not-affected> (Specific to RHEL 7)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to