[Secure-testing-commits] r36358 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Aug 28 08:10:48 UTC 2015
Author: hertzog
Date: 2015-08-28 08:10:48 +0000 (Fri, 28 Aug 2015)
New Revision: 36358
Modified:
data/CVE/list
Log:
Mark CVE-2015-5237 as no-dsa for squeeze
And add some comments about switching it to unimportant maybe?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-28 08:10:39 UTC (rev 36357)
+++ data/CVE/list 2015-08-28 08:10:48 UTC (rev 36358)
@@ -3501,7 +3501,9 @@
CVE-2015-5237 [Integer overflow in protobuf serialization]
RESERVED
- protobuf <unfixed>
+ [squeeze] - protobuf <no-dsa> (Minor issue)
NOTE: https://github.com/google/protobuf/issues/760
+ NOTE: Upstream doesn't seem to consider this a real issue. And Florian itself closed it as CANTFIX on the RedHat side. Maybe we should tag this unimportant instead? --Raphael Hertzog
CVE-2015-5236
RESERVED
CVE-2015-5235
More information about the Secure-testing-commits
mailing list