[Secure-testing-commits] r47448 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Mon Dec 26 18:39:39 UTC 2016
Author: opal
Date: 2016-12-26 18:39:39 +0000 (Mon, 26 Dec 2016)
New Revision: 47448
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Curl.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-26 18:11:27 UTC (rev 47447)
+++ data/CVE/list 2016-12-26 18:39:39 UTC (rev 47448)
@@ -8601,6 +8601,8 @@
[jessie] - curl <no-dsa> (Minor issue)
NOTE: https://curl.haxx.se/docs/adv_20161221A.html
NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
+ NOTE: There are no known vulnerable applications but as this is a
+ NOTE: library it should be fixed as we do not know the full impact.
CVE-2016-9585
RESERVED
NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
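Review bot: The two added NOTE lines do not say which release the fix is wanted for, and they sit directly below the "[jessie] - curl <no-dsa> (Minor issue)" line, so "it should be fixed" reads as contradicting that triage. Consider naming the suite the note applies to, so that a later reader can tell the no-dsa decision for jessie and the wish to fix the library apart.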
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-12-26 18:11:27 UTC (rev 47447)
+++ data/dla-needed.txt 2016-12-26 18:39:39 UTC (rev 47448)
@@ -20,6 +20,8 @@
botan1.10
NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing.
--
+curl
+--
graphicsmagick
NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues?
NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next upload.
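Review bot: The new curl entry carries no NOTE, unlike the botan1.10 and graphicsmagick entries around it, so dla-needed.txt on its own does not say which issue prompted the addition or why it is worth an upload. Consider adding a NOTE line under curl that names the CVE or repeats the rationale recorded in data/CVE/list (no known vulnerable applications, but a library whose full impact is unknown).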