[Secure-testing-commits] r43695 - in data: . CVE

Markus Koschany apo at moszumanska.debian.org
Mon Aug 1 10:33:54 UTC 2016


Author: apo
Date: 2016-08-01 10:33:54 +0000 (Mon, 01 Aug 2016)
New Revision: 43695

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark CVE-2016-1000027 as no-dsa for Wheezy

"Vulnerable" code is present but upstream says it works as intended. Will
however improve the documentation in future updates.



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-01 10:24:30 UTC (rev 43694)
+++ data/CVE/list	2016-08-01 10:33:54 UTC (rev 43695)
@@ -1024,6 +1024,7 @@
 CVE-2016-1000027
 	RESERVED
 	- libspring-java <unfixed>
+	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://www.tenable.com/security/research/tra-2016-20
 	TODO: check
 CVE-2016-6255 [write files via POST]

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-08-01 10:24:30 UTC (rev 43694)
+++ data/dla-needed.txt	2016-08-01 10:33:54 UTC (rev 43695)
@@ -37,8 +37,6 @@
   NOTE: this package needs 30GB disk space, lots of RAM and CPU power
   NOTE: can reproduce in Wheezy VM
 --
-libspring-java
---
 libsys-syslog-perl
   NOTE: was not fixed with DLA-565-1. Can be fixed similar to Jessie.
 --




More information about the Secure-testing-commits mailing list