[Secure-testing-commits] r47454 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Dec 26 19:25:42 UTC 2016


Author: jmm
Date: 2016-12-26 19:25:42 +0000 (Mon, 26 Dec 2016)
New Revision: 47454

Modified:
   data/CVE/list
Log:
mark further issues neutralised by kernel hardening as unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-26 19:10:57 UTC (rev 47453)
+++ data/CVE/list	2016-12-26 19:25:42 UTC (rev 47454)
@@ -20236,10 +20236,8 @@
 CVE-2016-1000009 (TP-LINK lost control of two domains, www.tplinklogin.net and ...)
 	TODO: check
 CVE-2016-XXXX [Insecure use of /tmp]
-	- leptonlib <unfixed> (bug #830660)
-	[jessie] - leptonlib <no-dsa> (Minor issue)
-	[wheezy] - leptonlib <no-dsa> (Minor issue)
-	NOTE: Not exploitable with kernel hardening since wheezy
+	- leptonlib 1.73-5 (unimportant; bug #830660)
+	NOTE: Neutralised by kernel hardening
 CVE-2016-6198 (The filesystem layer in the Linux kernel before 4.5.5 proceeds with ...)
 	- linux 4.5.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -43967,8 +43965,8 @@
 	RESERVED
 CVE-2015-7529 [Usage of predictable temporary files allows privilege escalation]
 	RESERVED
-	- sosreport 3.2+git276-g7da50d6-3
-	[jessie] - sosreport <no-dsa> (Minor issue; mitigated by fs.protected_symlinks)
+	- sosreport 3.2+git276-g7da50d6-3 (unimportant)
+	NOTE: Neutralised by kernel hardening
 CVE-2015-7528 (Kubernetes before 1.2.0-alpha.5 allows remote attackers to read ...)
 	- kubernetes <itp> (bug #795652)
 	NOTE: https://github.com/kubernetes/kubernetes/pull/17886
@@ -77442,9 +77440,8 @@
 	NOTE: https://github.com/plack/Plack/issues/405
 CVE-2014-5255 [Insecure use of temporary file related to the /tmp/get_infos_dvd.sh]
 	RESERVED
-	- xcfa 5.0.1-1 (low; bug #756600)
-	[jessie] - xcfa <no-dsa> (Minor issue)
-	[wheezy] - xcfa <no-dsa> (Minor issue)
+	- xcfa 5.0.1-1 (unimportant; bug #756600)
+	NOTE: Neutralised by kernel temp hardening
 CVE-2014-5254 [Symlink following issues]
 	RESERVED
 	- xcfa 5.0.1-1 (unimportant; bug #756600)




More information about the Secure-testing-commits mailing list