[Secure-testing-commits] r37309 - data/CVE

Ben Hutchings benh at moszumanska.debian.org
Sun Oct 25 03:57:21 UTC 2015


Author: benh
Date: 2015-10-25 03:57:21 +0000 (Sun, 25 Oct 2015)
New Revision: 37309

Modified:
   data/CVE/list
Log:
Fix list of commits for some ntp issues and add <not-affected> as appropriate

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-25 00:54:47 UTC (rev 37308)
+++ data/CVE/list	2015-10-25 03:57:21 UTC (rev 37309)
@@ -184,8 +184,6 @@
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/aa44b5835d69d8ee031736bb8ee2730a514edb7d
-	NOTE: https://github.com/ntp-project/ntp/commit/f92b3b986bbb3419b8cd1b9b5a40ecf3c955d885
-	NOTE: https://github.com/ntp-project/ntp/commit/2fc399440d8a3b9f8056caf68b3ceb031be1ca6d
 CVE-2015-7870
 	RESERVED
 CVE-2015-7869
@@ -227,11 +225,17 @@
 CVE-2015-7854
 	RESERVED
 	- ntp 1:4.2.8p4+dfsg-1
+	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
+	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
+	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
-	NOTE: https://github.com/ntp-project/ntp/commit/e182a2334ae6a2ab77ba3aad662f6ec676e59106
+	NOTE: https://github.com/ntp-project/ntp/commit/1bb401576f412532d8cdcca5509b85ad29605913
 CVE-2015-7853
 	RESERVED
 	- ntp 1:4.2.8p4+dfsg-1
+	[jessie] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
+	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
+	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261
 CVE-2015-7852
@@ -242,6 +246,9 @@
 CVE-2015-7851
 	RESERVED
 	- ntp 1:4.2.8p4+dfsg-1
+	[jessie] - ntp <no-dsa> (Vulnerability only affects VMS)
+	[wheezy] - ntp <no-dsa> (Vulnerability only affects VMS)
+	[squeeze] - ntp <no-dsa> (Vulnerability only affects VMS)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/184516e143ce4448ddb5b9876dd372008cc779f6
 CVE-2015-7850
@@ -252,12 +259,17 @@
 CVE-2015-7849
 	RESERVED
 	- ntp 1:4.2.8p4+dfsg-1
+	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
+	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
+	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/9c22e66c8f2be6aa0c846f0d9804db20f93c105d
-	NOTE: https://github.com/ntp-project/ntp/commit/1bb401576f412532d8cdcca5509b85ad29605913
 CVE-2015-7848
 	RESERVED
 	- ntp 1:4.2.8p4+dfsg-1
+	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p131)
+	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p131)
+	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p131)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/c04c3d3d940dfe1a53132925c4f51aef017d2e0f
 CVE-2015-7847
@@ -668,7 +680,6 @@
 	RESERVED
 	- ntp 1:4.2.8p4+dfsg-3
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
-	NOTE: Partially fixed upstream together with CVE-2015-7705
 	NOTE: Original ntp fix applied in 1:4.2.8p4+dfsg-1for CVE-2015-7704 is apparently broken
 	NOTE: http://lists.ntp.org/pipermail/pool/2015-October/007631.html
 CVE-2015-7703




More information about the Secure-testing-commits mailing list