[Secure-testing-commits] r40970 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-04-18 13:58:54 +0000 (Mon, 18 Apr 2016)
New Revision: 40970

Modified:
   data/CVE/list
Log:
Add bug reference for varnish issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-18 13:41:29 UTC (rev 40969)
+++ data/CVE/list	2016-04-18 13:58:54 UTC (rev 40970)
@@ -3658,10 +3658,9 @@
 CVE-2016-2574
 	RESERVED
 CVE-2016-XXXX [HTTP Smuggling issues: Double Content Length and bad EOL]
-	- varnish 3.0.7
-	[jessie] - varnish <not-affected> (Vulnerable code introduced later)
-	NOTE: CVE Request http://www.openwall.com/lists/oss-security/2016/04/16/1
-	NOTE: fixed in 3.0.7
+	- varnish 4.0.0-1 (bug #783510)
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/16/1
+	NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
 	NOTE: 4.x not affected
 CVE-2016-XXXX [read out-of-bounds in TextEndsWithNewline]
 	- tidy-html5 <itp> (bug #770129)