[Secure-testing-commits] r40443 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Mar 17 17:59:03 UTC 2016 

Author: jmm
Date: 2016-03-17 17:59:03 +0000 (Thu, 17 Mar 2016)
New Revision: 40443

Modified:
   data/CVE/list
Log:
ntp no-dsa
another proftpd no-dsa
rawtherapee no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-17 16:47:07 UTC (rev 40442)
+++ data/CVE/list	2016-03-17 17:59:03 UTC (rev 40443)
@@ -723,8 +723,8 @@
 CVE-2016-3125 [TLSDHParamFile directive ignored]
 	RESERVED
 	- proftpd-dfsg <unfixed> (bug #818492)
-	[jessie] - proftpd-dfsg <no-dsa> (Minor issue; can fixed in point release)
-	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can fixed in point release)
+	[jessie] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
+	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
 	NOTE: Fixed in 1.3.6rc2, 1.3.5b.
 CVE-2016-3064
@@ -10588,6 +10588,8 @@
 	NOTE: http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
 CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
 	- proftpd-dfsg <unfixed>
+	[jessie] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
+	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
 	[squeeze] - proftpd-dfsg <not-affected> (Vulnerable code not present)
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
 	NOTE: https://github.com/proftpd/proftpd/pull/171
@@ -10666,6 +10668,7 @@
 	[wheezy] - ufraw <not-affected> (Vulnerable code not present)
 	[squeeze] - ufraw <not-affected> (Vulnerable code not present)
 	- rawtherapee <unfixed>
+	[jessie] - rawtherapee <no-dsa> (Minor issue)
 	[wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
 	[squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
 	- exactimage 0.9.1-13
@@ -11853,6 +11856,8 @@
 CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode]
 	RESERVED
 	- ntp <unfixed>
+	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
+	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
 	NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461

More information about the Secure-testing-commits mailing list