[Secure-testing-commits] r43794 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Aug 5 20:34:20 UTC 2016


Author: jmm
Date: 2016-08-05 20:34:20 +0000 (Fri, 05 Aug 2016)
New Revision: 43794

Modified:
   data/CVE/list
Log:
erlang unimportant
gdk-pixbuf, cakephp no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-05 20:30:34 UTC (rev 43793)
+++ data/CVE/list	2016-08-05 20:34:20 UTC (rev 43794)
@@ -1116,9 +1116,9 @@
 	RESERVED
 CVE-2016-1000107
 	RESERVED
-	- erlang <unfixed>
+	- erlang <unfixed> (unimportant)
 	NOTE: https://bugs.erlang.org/browse/ERL-198
-	TODO: check
+	NOTE: No part of Erlang does set HTTP_PROXY based on a Proxy: header, just hardening
 CVE-2016-1000106
 	RESERVED
 CVE-2016-1000105
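Review bot: the replacement NOTE under CVE-2016-1000107 is hard to parse ("No part of Erlang does set HTTP_PROXY based on a Proxy: header, just hardening") and it replaces "TODO: check" without recording what was checked. Suggest wording along the lines of "NOTE: Erlang never sets HTTP_PROXY from a Proxy: header; ERL-198 is hardening only", so the basis for the (unimportant) tag is clear to whoever revisits the entry.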
@@ -1280,6 +1280,7 @@
 CVE-2016-6352 [Write out-of-bounds]
 	RESERVED
 	- gdk-pixbuf <unfixed> (bug #832496)
+	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
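Review bot: the added [jessie] line justifies no-dsa only with "Minor issue, can be fixed along in a future DSA", for an entry titled "Write out-of-bounds". The [wheezy] line directly below records a concrete reason (fails with ENOMEM, no crash). Suggest stating in the same way why the out-of-bounds write is considered minor on jessie, so the decision can be re-evaluated against bug #832496 later.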
@@ -21471,6 +21472,7 @@
 	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
 CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to ...)
 	- cakephp 2.8.0-1 (bug #832316)
+	[jessie] - cakephp <no-dsa> (Minor issue)
 	NOTE: http://karmainsecurity.com/KIS-2016-01
 	NOTE: https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
 CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox) ...)
@@ -23365,6 +23367,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
 CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
 	- cakephp 2.6.7-1 (bug #832283)
+	[jessie] - cakephp <no-dsa> (Minor issue)
 	[wheezy] - cakephp 1.3.15-1+deb7u1
 	[squeeze] - cakephp 1.3.2-1.1+deb6u11
 	NOTE: Workaround entry for DLA-333-1 and DLA-566-1 until/if CVE assigned
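Review bot: with the added [jessie] no-dsa line, jessie becomes the only listed release in this entry without a fixed version, while [wheezy] and [squeeze] carry fixed versions (per the NOTE, tracked through DLA-333-1 and DLA-566-1). "Minor issue" alone does not explain that difference. Suggest adding the reason to the parenthetical, or recording how jessie is expected to receive the fix.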



