[Secure-testing-commits] r39502 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Feb 5 22:39:35 UTC 2016
Author: jmm
Date: 2016-02-05 22:39:34 +0000 (Fri, 05 Feb 2016)
New Revision: 39502
Modified:
data/CVE/list
Log:
use unimportant security for php-openid issue only in sample code
-> normal procedure for such cases
-> makes it a non-issue, so no-dsa no longer needed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-05 22:36:08 UTC (rev 39501)
+++ data/CVE/list 2016-02-05 22:39:34 UTC (rev 39502)
@@ -680,10 +680,8 @@
- node-cli <unfixed> (bug #809252)
[jessie] - node-cli <no-dsa> (Minor issue)
CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka ...)
- - php-openid <unfixed>
- [jessie] - php-openid <no-dsa> (sample code only, no vulnerable code found in Debian)
- [wheezy] - php-openid <no-dsa> (sample code only, no vulnerable code found in Debian)
- [squeeze] - php-openid <no-dsa> (sample code only, no vulnerable code found in Debian)
+ - php-openid <unfixed> (unimportant)
+ NOTE: sample code only
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
NOTE: https://github.com/openid/php-openid/issues/128
CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...)
More information about the Secure-testing-commits
mailing list