Author: carnil Date: 2016-10-05 17:12:15 +0000 (Wed, 05 Oct 2016) New Revision: 45071
Modified: data/CVE/list Log: Reorder second entry relative to #839260 Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-10-05 17:09:33 UTC (rev 45070) +++ data/CVE/list 2016-10-05 17:12:15 UTC (rev 45071) @@ -1,3 +1,9 @@ +CVE-2016-XXXX [.libfile doesn't check PermitFileReading array, allowing remote file disclosure] + - ghostscript <unfixed> (high; bug #839260) + NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169 + NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28 + NOTE: Patch: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=cf046d2 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/05/7 CVE-2016-XXXX [various userparams allow %pipe% in paths, allowing remote shell command execution] - ghostscript <unfixed> (high; bug #839260) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178 @@ -23,10 +29,6 @@ - nss 2:3.23-1 (low) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4 -CVE-2016-XXXX [ghostscript: various sandbox escapes] - - ghostscript <unfixed> (high; bug #839260) - NOTE: http://www.openwall.com/lists/oss-security/2016/09/29/3 - NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697169 CVE-2016-8390 RESERVED CVE-2016-8389 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
