[Secure-testing-commits] r44139 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Aug 25 17:52:40 UTC 2016
Author: jmm
Date: 2016-08-25 17:52:40 +0000 (Thu, 25 Aug 2016)
New Revision: 44139
Modified:
data/CVE/list
Log:
one libarchive issue n/a
chicken no-dsa
spring unimportant
openvpn unimportant, generic crypto issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-25 17:45:56 UTC (rev 44138)
+++ data/CVE/list 2016-08-25 17:52:40 UTC (rev 44139)
@@ -565,10 +565,12 @@
CVE-2016-6831 [Memory leak in CHICKEN Scheme's process-execute and process-spawn procedures]
RESERVED
- chicken <unfixed> (bug #834845)
+ [jessie] - chicken <no-dsa> (Minor issue)
NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 [Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit]
RESERVED
- chicken <unfixed> (bug #834845)
+ [jessie] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
NOTE: https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
NOTE: http://bugs.call-cc.org/ticket/1308
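Review bot: The "(Minor issue)" reason on the added `[jessie] - chicken <no-dsa>` line under CVE-2016-6830 is the same text used for the memory leak in CVE-2016-6831, although CVE-2016-6830 is titled as a buffer overrun. The entry does not say why the overrun is considered minor for jessie. A short NOTE under CVE-2016-6830 stating the reasoning would let a later reader confirm the no-dsa decision without re-reading the upstream thread and ticket #1308.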
@@ -1999,9 +2001,9 @@
RESERVED
CVE-2016-6329
RESERVED
- - openvpn <unfixed>
+ - openvpn <unfixed> (unimportant)
NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
- TODO: check
+ NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
CVE-2016-6328
RESERVED
CVE-2016-6327
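Review bot: CVE-2016-6329 has no bracketed description, and after this change the only pointer to what the issue is remains the SWEET32 wiki URL. The new NOTE explains why the entry is marked `(unimportant)` but not what the weakness is. Since `TODO: check` is being dropped and the line stays `<unfixed>`, consider adding a bracketed title or one more NOTE naming the weakness, so the entry is self-explanatory if the wiki page moves.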
@@ -2673,9 +2675,9 @@
RESERVED
CVE-2016-1000027
RESERVED
- - libspring-java <unfixed>
- [wheezy] - libspring-java <no-dsa> (Minor issue)
+ - libspring-java 4.2.7-1 (unimportant)
NOTE: https://www.tenable.com/security/research/tra-2016-20
+ NOTE: This is not a vulnerability in Spring itself, just how applications are using it
CVE-2016-6255 [write files via POST]
RESERVED
{DLA-597-1}
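Review bot: The replacement line `- libspring-java 4.2.7-1 (unimportant)` records a fixed version, while the added NOTE says this is not a vulnerability in Spring itself. Nothing in the entry says what changed in 4.2.7-1. Either add a NOTE stating what that version changed, or keep `<unfixed> (unimportant)` as was done for the openvpn entry in this same commit, so the two statements do not contradict each other. The removal of the `[wheezy]` no-dsa line is consistent with the new `(unimportant)` marking.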
@@ -5433,6 +5435,7 @@
CVE-2015-8927
RESERVED
- libarchive 3.2.0-2
+ [jessie] - libarchive <not-affected> (vulnerable code not present)
[wheezy] - libarchive <not-affected> (vulnerable code not present)
NOTE: https://github.com/libarchive/libarchive/issues/523
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/eff35d4
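Review bot: The added `[jessie] - libarchive <not-affected> (vulnerable code not present)` line reuses the wheezy reason, but the entry has no NOTE saying when the vulnerable code was introduced. Only the fixing commit eff35d4 is referenced. A NOTE naming the introducing commit or upstream version would make the not-affected claim for both releases checkable against the versions they ship.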