[Secure-testing-commits] r39871 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Feb 23 21:23:19 UTC 2016 

Author: carnil
Date: 2016-02-23 21:23:19 +0000 (Tue, 23 Feb 2016)
New Revision: 39871

Modified:
   data/CVE/list
Log:
Move AST-2016-001 entry to CVE-2011-3389

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-23 21:21:45 UTC (rev 39870)
+++ data/CVE/list	2016-02-23 21:23:19 UTC (rev 39871)
@@ -965,15 +965,6 @@
 	NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable
 	NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f
 	NOTE: all versions vulnerable, backport required for wheezy
-CVE-2016-XXXX [AST-2016-001: BEAST vulnerability in HTTP server]
-	- asterisk <unfixed>
-	[jessie] - asterisk <no-dsa> (Minor issue)
-	[wheezy] - asterisk <no-dsa> (Minor issue)
-	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
-	NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
-	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
-	NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
-	NOTE: all versions vulnerable, backport required for wheezy
 CVE-2016-XXXX [simpleid: passwords are stored as MD5]
 	- simpleid <unfixed> (bug #813611)
 CVE-2015-8807 [XSS in Horde_Core_VarRenderer_Html]
@@ -99840,6 +99831,14 @@
 	NOTE: Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
 	- erlang 1:15.b-dfsg-1
 	[squeeze] - erlang <no-dsa> (Minor issue)
+	- asterisk <unfixed>
+	[jessie] - asterisk <no-dsa> (Minor issue)
+	[wheezy] - asterisk <no-dsa> (Minor issue)
+	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
+	NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
+	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
+	NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
+	NOTE: all versions vulnerable, backport required for wheezy
 CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure site ...)
 	NOT-FOR-US: Opera
 CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote ...)

More information about the Secure-testing-commits mailing list