[Secure-testing-commits] r44162 - in data: . CVE
Balint Reczey
rbalint at moszumanska.debian.org
Fri Aug 26 19:45:28 UTC 2016
Author: rbalint
Date: 2016-08-26 19:45:28 +0000 (Fri, 26 Aug 2016)
New Revision: 44162
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2016-6252 does not affect wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-26 19:31:27 UTC (rev 44161)
+++ data/CVE/list 2016-08-26 19:45:28 UTC (rev 44162)
@@ -2627,7 +2627,9 @@
CVE-2016-6252 [incorrect integer handling]
RESERVED
- shadow <unfixed> (bug #832170)
+ [wheezy] - shadow <not-affected> (Vulnerable code not present)
NOTE: https://github.com/shadow-maint/shadow/issues/27
+ NOTE: the change to getulong() is applicable but does not make a difference
CVE-2016-6251 [potentially unsafe use of getlogin]
RESERVED
- shadow <unfixed> (unimportant)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-08-26 19:31:27 UTC (rev 44161)
+++ data/dla-needed.txt 2016-08-26 19:45:28 UTC (rev 44162)
@@ -64,11 +64,6 @@
ruby-activesupport-3.2 (Guido Günther)
NOTE: help appreciated from s.b. knowing active{record,model}
--
-shadow (Balint Reczey)
- NOTE: Waiting for upstream's decision on proposed fixes
- NOTE: https://github.com/shadow-maint/shadow/issues/27
- NOTE: https://github.com/shadow-maint/shadow/issues/28
---
tiff (Emilio Pozuelo)
NOTE: 20160226, no fix available yet
NOTE: 20160626, there are new vulnerabilities, Emilio Pozuelo Monfort forwarded them upstream
More information about the Secure-testing-commits
mailing list