[Secure-testing-commits] r46981 - in data: CVE DLA

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-12-12 05:22:32 +0000 (Mon, 12 Dec 2016)
New Revision: 46981

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVE-2016-9928/mcabber assigned

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-11 21:58:22 UTC (rev 46980)
+++ data/CVE/list	2016-12-12 05:22:32 UTC (rev 46981)
@@ -8286,14 +8286,12 @@
 	RESERVED
 CVE-2016-9444
 	RESERVED
-CVE-2016-XXXX [MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza]
+CVE-2016-9928 [MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza]
 	- mcabber <unfixed> (bug #845258)
 	[jessie] - mcabber <no-dsa> (Minor issue)
-	[wheezy] - mcabber 0.10.1-3+deb7u1
-	NOTE: Workaround entry for DLA-724-1 until CVE assigned
 	NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
 	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/09/5
+	NOTE: http://www.openwall.com/lists/oss-security/2016/12/09/5
 CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688]
 	- slixmpp 1.2.2-1
 	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE)

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-12-11 21:58:22 UTC (rev 46980)
+++ data/DLA/list	2016-12-12 05:22:32 UTC (rev 46981)
@@ -49,6 +49,7 @@
 [30 Nov 2016] DLA-725-1 tzdata - new upstream version
 	[wheezy] - tzdata 2016j-0+deb7u1
 [27 Nov 2016] DLA-724-1 mcabber - security update
+	{CVE-2016-9928}
 	[wheezy] - mcabber 0.10.1-3+deb7u1
 [25 Nov 2016] DLA-723-1 libsoap-lite-perl - security update
 	{CVE-2015-8978}