[Secure-testing-commits] r37871 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Nov 24 19:28:06 UTC 2015


Author: jmm
Date: 2015-11-24 19:28:06 +0000 (Tue, 24 Nov 2015)
New Revision: 37871

Modified:
   data/CVE/list
Log:
mark commons-collection as unimportant, hardening change not
  a vulnerability in the collection itself
glance non-issue  


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-24 19:25:56 UTC (rev 37870)
+++ data/CVE/list	2015-11-24 19:28:06 UTC (rev 37871)
@@ -263,8 +263,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
 CVE-2015-8234 [Use of MD5 in OpenStack Glance image signature]
 	RESERVED
-	- glance <unfixed>
-	TODO: check
+	- glance <unfixed> (unimportant)
 CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
 	- ffmpeg 7:2.8.2-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
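Review bot: The CVE-2015-8234 entry now reads "- glance <unfixed> (unimportant)" with no NOTE giving the reason, and the "TODO: check" is dropped in the same edit, so the only rationale ("glance non-issue") lives in the commit log. Suggest adding a NOTE line under the entry stating why the MD5 use in the Glance image signature is treated as a non-issue, so the tracker data explains itself without the revision history.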
@@ -631,8 +630,9 @@
 	- jenkins <unfixed> (bug #804522)
 	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
 CVE-2015-XXXX [java unserialisation issues]
-	- libcommons-collections3-java 3.2.2-1
-	- libcommons-collections4-java <unfixed>
+	- libcommons-collections3-java 3.2.2-1 (unimportant)
+	- libcommons-collections4-java <unfixed> (unimportant)
+        NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
 	NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
 	NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
 	NOTE: Patches for 3.2.x:
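Review bot: The added NOTE under CVE-2015-XXXX stops mid-sentence at "relies in specific" and is indented with eight spaces where the neighbouring NOTE lines use a tab. Suggest completing the sentence so it names what the actual vulnerability depends on ("lies in" probably reads better than "relies in"), and switching the indentation to a tab to match the rest of the file.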



