[Secure-testing-commits] r32736 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Mar 10 10:28:36 UTC 2015
Author: hertzog
Date: 2015-03-10 10:28:36 +0000 (Tue, 10 Mar 2015)
New Revision: 32736
Modified:
data/CVE/list
Log:
Mark CVE-2015-0886 as no-dsa for libjbcrypt-java/squeeze
Based on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780102#10
and a check that squeeze doesn't contain other uses of the same function.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-10 10:28:28 UTC (rev 32735)
+++ data/CVE/list 2015-03-10 10:28:36 UTC (rev 32736)
@@ -4077,6 +4077,7 @@
TODO: check
CVE-2015-0886 (Integer overflow in the crypt_raw method in the key-stretching ...)
- libjbcrypt-java <unfixed> (bug #780102)
+ [squeeze] - libjbcrypt-java <no-dsa> (Minor issue)
CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of ...)
- checkpw <unfixed> (bug #780139)
CVE-2015-0884 (Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack ...)
More information about the Secure-testing-commits
mailing list