[Secure-testing-commits] r47528 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Dec 28 18:30:08 UTC 2016
Author: jmm
Date: 2016-12-28 18:30:08 +0000 (Wed, 28 Dec 2016)
New Revision: 47528
Modified:
data/CVE/list
Log:
drop cracklib entry, fortify_source turns this into a plain crash
and the security implications are far-fetched anyway
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-28 18:19:29 UTC (rev 47527)
+++ data/CVE/list 2016-12-28 18:30:08 UTC (rev 47528)
@@ -21555,12 +21555,6 @@
- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
- foreman <itp> (bug #663101)
-CVE-2016-XXXX [Buffer overflow processing long words]
- - cracklib2 <unfixed> (bug #835386)
- [jessie] - cracklib2 <no-dsa> (Minor issue)
- [wheezy] - cracklib2 <no-dsa> (Minor issue)
- NOTE: SuSE patch (not a complete fix): https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/23/8
CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in ...)
{DLA-599-1}
- cracklib2 2.9.2-2 (bug #834502)
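Review bot: the removed CVE-2016-XXXX block takes the reference to bug #835386, the oss-security CVE request link and the note that the SuSE patch is not a complete fix out of data/CVE/list, so the reason for dropping the entry is recorded only in the commit log. The entry was still marked <unfixed> for cracklib2, with jessie and wheezy at <no-dsa> (Minor issue), so consider keeping it and adding a NOTE line with the fortify_source rationale, which keeps the decision visible next to the remaining CVE-2016-6318 cracklib2 entry. If deletion is preferred, the same rationale should be recorded in bug #835386.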