[Secure-testing-commits] r42655 - data/CVE

Mon Jun 20 17:34:39 UTC 2016

Author: jmm
Date: 2016-06-20 17:34:39 +0000 (Mon, 20 Jun 2016)
New Revision: 42655

Modified:
   data/CVE/list
Log:
libjackson-json-java, libspring no-dsa
ntp n/a
tiff no-dsa
jenkins NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-06-20 17:06:33 UTC (rev 42654)
+++ data/CVE/list	2016-06-20 17:34:39 UTC (rev 42655)
@@ -747,13 +747,15 @@
 CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference]
 	RESERVED
 	- tiff <unfixed>
+	[jessie] - tiff <no-dsa> (Minor issue)
+	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
-	TODO: check
 CVE-2016-5322 [extractContigSamplesBytes:  out-of-bounds read]
 	RESERVED
-	- tiff <unfixed>
-	- tiff3 <removed>
-	TODO: check
+	[jessie] - tiff <no-dsa> (Minor issue)
+	[wheezy] - tiff <no-dsa> (Minor issue)
+	- tiff3 <removed> (unimportant)
+	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
 CVE-2016-5321 [DumpModeDecode(): Ddos]
 	RESERVED
 	- tiff <unfixed>
@@ -1899,10 +1901,16 @@
 	RESERVED
 CVE-2016-4988
 	RESERVED
+	NOT-FOR-US: Jenkins plugin
+	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
 CVE-2016-4987
 	RESERVED
+	NOT-FOR-US: Jenkins plugin
+	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
 CVE-2016-4986
 	RESERVED
+	NOT-FOR-US: Jenkins plugin
+	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
 CVE-2016-4985
 	RESERVED
 CVE-2016-4984
@@ -12696,9 +12704,8 @@
 	NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
 CVE-2016-1551 [Refclock packets can come from the network]
 	RESERVED
-	- ntp 1:4.2.8p7+dfsg-1
+	- ntp <not-affected> (Does affect Linux or FreeBSD)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-	TODO: check
 CVE-2016-1550 [Timing attack for authenticated packets]
 	RESERVED
 	- ntp 1:4.2.8p7+dfsg-1
@@ -27045,7 +27052,9 @@
 CVE-2015-5211
 	RESERVED
 	- libspring-java <unfixed>
+	[jessie] - libspring-java <no-dsa> (Minor issue)
 	- libjackson-json-java <unfixed>
+	[jessie] - libjackson-json-java <no-dsa> (Minor issue)
 	NOTE: https://jira.spring.io/browse/SPR-13548
 	NOTE: https://github.com/spring-projects/spring-framework/commit/2bd1da
 	NOTE: https://github.com/spring-projects/spring-framework/commit/a95c3d


