[Secure-testing-commits] r47362 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Thu Dec 22 21:37:00 UTC 2016
Author: opal
Date: 2016-12-22 21:37:00 +0000 (Thu, 22 Dec 2016)
New Revision: 47362
Modified:
data/CVE/list
data/dla-needed.txt
Log:
exim4 is vulnerable.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-22 21:31:31 UTC (rev 47361)
+++ data/CVE/list 2016-12-22 21:37:00 UTC (rev 47362)
@@ -561,6 +561,7 @@
- exim4 <unfixed>
NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
+ NOTE: The vulnerability is confirmed to affect at least wheezy.
CVE-2016-9961
RESERVED
{DSA-3735-1 DLA-750-1}
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-12-22 21:31:31 UTC (rev 47361)
+++ data/dla-needed.txt 2016-12-22 21:37:00 UTC (rev 47362)
@@ -15,6 +15,10 @@
botan1.10
NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing.
--
+exim4
+ NOTE: The information about CVE-2016-9963 is not public. However the
+ NOTE: vulnerability is confirmed to exist in oldstable.
+--
graphicsmagick
NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues?
NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next upload.
More information about the Secure-testing-commits
mailing list