[Secure-testing-commits] r42494 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jun 13 04:38:06 UTC 2016
Author: carnil
Date: 2016-06-13 04:38:06 +0000 (Mon, 13 Jun 2016)
New Revision: 42494
Modified:
data/CVE/list
Log:
Expand note for CVE-2016-5361
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-13 04:24:29 UTC (rev 42493)
+++ data/CVE/list 2016-06-13 04:38:06 UTC (rev 42494)
@@ -77,7 +77,10 @@
CVE-2016-5361
RESERVED
- libreswan <itp> (bug #773459)
- TODO: check other implementations, but CVE is assigned specific to libreswan
+ NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
+ NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
+ NOTE: Huzaifa Sidhpurwala <huzaifas at redhat.com> pointed out that is not a libreswan issue, rather
+ NOTE: the protocol is flawed.
CVE-2016-5360 [remote denial of service via reqdeny]
RESERVED
- haproxy 1.6.5-2 (bug #826869)
More information about the Secure-testing-commits
mailing list