[Secure-testing-commits] r39352 - data/CVE

Antoine Beaupré anarcat at moszumanska.debian.org
Sat Jan 30 17:08:02 UTC 2016


Author: anarcat
Date: 2016-01-30 17:08:02 +0000 (Sat, 30 Jan 2016)
New Revision: 39352

Modified:
   data/CVE/list
Log:
patches for CVE-2016-0494 and CVE-CVE-2015-4844 were reversed

f556d4c82ef1 appeared later than dbb4e2bdfa9e and the latter is refered to in the redhat Bug https://bugzilla.redhat.com/show_bug.cgi?id=1273318

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-30 16:32:11 UTC (rev 39351)
+++ data/CVE/list	2016-01-30 17:08:02 UTC (rev 39352)
@@ -4864,7 +4864,7 @@
 	- openjdk-7 7u95-2.6.4-1
 	- openjdk-6 <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
-	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e#l2.15
+	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
 	- icu <unfixed>
 	NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
 	NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
@@ -16295,6 +16295,9 @@
 	NOTE: For ICU note that the original fix causes additional problems:
 	NOTE: https://ssl.icu-project.org/trac/ticket/12020#comment:4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
+        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273318
+	NOTE: see also CVE-2016-0494, introduced in through the fix for this CVE.
+	NOTE: patch: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e
 CVE-2015-4843 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
 	{DSA-3381-1 DLA-346-1}
 	- openjdk-6 <removed>




More information about the Secure-testing-commits mailing list