[Secure-testing-commits] r43040 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 6 18:15:52 UTC 2016
Author: jmm
Date: 2016-07-06 18:15:52 +0000 (Wed, 06 Jul 2016)
New Revision: 43040
Modified:
data/CVE/list
Log:
npm no-dsa
wait with openssl for next update round
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-06 14:53:25 UTC (rev 43039)
+++ data/CVE/list 2016-07-06 18:15:52 UTC (rev 43040)
@@ -6637,8 +6637,8 @@
CVE-2016-3957
RESERVED
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...)
- - npm <undetermined>
- TODO: check
+ - npm <unfixed>
+ [jessie] - npm <no-dsa> (Minor issue)
CVE-2016-3954
RESERVED
CVE-2016-3953
@@ -11923,9 +11923,11 @@
RESERVED
CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL ...)
- openssl <unfixed> (low)
+ [jessie] - openssl <no-dsa> (Wait until next openssl update round)
NOTE: Fixed in master branch in https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for ...)
- openssl <unfixed> (low)
+ [jessie] - openssl <no-dsa> (Wait until next openssl update round)
NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...)
- openssl <not-affected> (Only applies to EBCDIC systems)
More information about the Secure-testing-commits
mailing list