[Secure-testing-commits] r39956 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-02-26 18:38:02 +0000 (Fri, 26 Feb 2016)
New Revision: 39956

Modified:
   data/CVE/list
Log:
Update information for src:squid and CVE-2016-25{69,70,71}

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-26 16:39:06 UTC (rev 39955)
+++ data/CVE/list	2016-02-26 18:38:02 UTC (rev 39956)
@@ -12,24 +12,25 @@
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
 CVE-2016-2571
 	- squid3 <unfixed> (bug #816011)
-	- squid <removed>
+	- squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
-	TODO: check versions
+	NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2570
 	- squid3 <unfixed> (bug #816011)
-	- squid <removed>
+	- squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch
+	NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2569
 	- squid3 <unfixed> (bug #816011)
-	- squid <removed>
+	- squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
-	TODO: check versions
+	NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl]
 	- policykit-1 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746