[Secure-testing-commits] r44002 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 16 18:47:35 UTC 2016
Author: carnil
Date: 2016-08-16 18:47:35 +0000 (Tue, 16 Aug 2016)
New Revision: 44002
Modified:
data/CVE/list
Log:
Update status for cracklib2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-16 18:38:16 UTC (rev 44001)
+++ data/CVE/list 2016-08-16 18:47:35 UTC (rev 44002)
@@ -1320,7 +1320,9 @@
CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field]
RESERVED
- cracklib2 <unfixed> (bug #834502)
+ [jessie] - cracklib2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
+ NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
CVE-2016-6317 [unsafe query generation in Active Record]
RESERVED
- rails <unfixed> (bug #834154)
More information about the Secure-testing-commits
mailing list