[Secure-testing-commits] r43695 - in data: . CVE
Markus Koschany
apo at moszumanska.debian.org
Mon Aug 1 10:33:54 UTC 2016
Author: apo
Date: 2016-08-01 10:33:54 +0000 (Mon, 01 Aug 2016)
New Revision: 43695
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2016-1000027 as no-dsa for Wheezy
"Vulnerable" code is present but upstream says it works as intended. Will
however improve the documentation in future updates.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-01 10:24:30 UTC (rev 43694)
+++ data/CVE/list 2016-08-01 10:33:54 UTC (rev 43695)
@@ -1024,6 +1024,7 @@
CVE-2016-1000027
RESERVED
- libspring-java <unfixed>
+ [wheezy] - libspring-java <no-dsa> (Minor issue)
NOTE: https://www.tenable.com/security/research/tra-2016-20
TODO: check
CVE-2016-6255 [write files via POST]
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-08-01 10:24:30 UTC (rev 43694)
+++ data/dla-needed.txt 2016-08-01 10:33:54 UTC (rev 43695)
@@ -37,8 +37,6 @@
NOTE: this package needs 30GB disk space, lots of RAM and CPU power
NOTE: can reproduce in Wheezy VM
--
-libspring-java
---
libsys-syslog-perl
NOTE: was not fixed with DLA-565-1. Can be fixed similar to Jessie.
--
More information about the Secure-testing-commits
mailing list