[Secure-testing-commits] r40476 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Mar 20 12:44:46 UTC 2016
Author: carnil
Date: 2016-03-20 12:44:46 +0000 (Sun, 20 Mar 2016)
New Revision: 40476
Modified:
data/CVE/list
Log:
Mark CVE-2016-2570/squid3 as no-dsa for jessie and wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-20 12:29:12 UTC (rev 40475)
+++ data/CVE/list 2016-03-20 12:44:46 UTC (rev 40476)
@@ -2523,6 +2523,8 @@
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
- squid3 3.5.15-1 (bug #816011)
+ [jessie] - squid3 <no-dsa> (Minor issue, needs ubstantial backporting; too intrusive to backport)
+ [wheezy] - squid3 <no-dsa> (Minor issue, needs ubstantial backporting; too intrusive to backport)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
More information about the Secure-testing-commits
mailing list