[Secure-testing-commits] r34820 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Jun 9 13:53:02 UTC 2015
Author: hertzog
Date: 2015-06-09 13:53:02 +0000 (Tue, 09 Jun 2015)
New Revision: 34820
Modified:
data/CVE/list
Log:
Mark CVE-2013-7440 as no-dsa on squeeze
Add a comment explaining that the backport is probably not so difficult if
we only fix the issue referred to by the CVE which is the refusal to match
multiple wildcards. The upgrade to a newer RFC is not covered by the CVE.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-09 13:30:21 UTC (rev 34819)
+++ data/CVE/list 2015-06-09 13:53:02 UTC (rev 34820)
@@ -495,16 +495,20 @@
- python3.2 <removed>
[wheezy] - python3.2 <no-dsa> (Minor issue, too intrusive to backport)
- python3.1 <removed>
+ [squeeze] - python3.1 <no-dsa> (Minor issue)
- python2.7 <unfixed>
[wheezy] - python2.7 <no-dsa> (Minor issue, too intrusive to backport)
[jessie] - python2.7 <no-dsa> (Minor issue, too intrusive to backport)
[stretch] - python2.7 <no-dsa> (Minor issue, too intrusive to backport)
- python2.6 <removed>
[wheezy] - python2.6 <no-dsa> (Minor issue, too intrusive to backport)
+ [squeeze] - python2.6 <no-dsa> (Minor issue)
- python2.5 <removed>
+ [squeeze] - python2.5 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue17997#msg194950
NOTE: https://hg.python.org/cpython/rev/10d0edadbcdd
TODO: check affected versions
+ NOTE: The CVE is only about refusing multiple wildcards. Backporting that part only is not so difficult.
CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause ...)
{DSA-3272-1 DLA-234-1}
- ipsec-tools 1:0.8.2+20140711-3 (bug #785778)
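Review bot: The NOTE added after the TODO line says that backporting only the multiple-wildcard part is not so difficult, yet the unchanged wheezy, jessie and stretch entries above it still give "too intrusive to backport" as their no-dsa reason, so the entry now carries two rationales that read as contradictory. Consider wording the NOTE so it is clear the "too intrusive" judgement applies to the wider change rather than to the CVE fix itself, or revisiting those entries. The three added squeeze lines are also tagged no-dsa while "TODO: check affected versions" is still open, so it would help to record whether python3.1, python2.6 and python2.5 in squeeze were confirmed affected. As a style point, placing the new NOTE with the two existing NOTE lines, above the TODO, would keep the entry's ordering consistent.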