[Secure-testing-commits] r42077 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2016-05-27 14:18:46 +0000 (Fri, 27 May 2016)
New Revision: 42077

Modified:
   data/CVE/list
Log:
libuser no-dsa
blender unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-27 14:18:09 UTC (rev 42076)
+++ data/CVE/list	2016-05-27 14:18:46 UTC (rev 42077)
@@ -30565,9 +30565,11 @@
 CVE-2015-3246 (libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the ...)
 	{DLA-468-1}
 	- libuser 1:0.62~dfsg-0.1 (bug #793465)
+	[jessie] - libuser <no-dsa> (Minor issue)
 CVE-2015-3245 (Incomplete blacklist vulnerability in the chfn function in libuser ...)
 	{DLA-468-1}
 	- libuser 1:0.62~dfsg-0.1 (bug #793465)
+	[jessie] - libuser <no-dsa> (Minor issue)
 	NOTE: initially attributed to usermode package, root-cause fixed in libuser instead
 CVE-2015-3244 (The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, ...)
 	NOT-FOR-US: PortletBridge component of Red Hat JBoss Portal
@@ -96876,10 +96878,10 @@
 CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
 	- wordpress 3.0.3-1
 CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...)
-	- blender <unfixed> (low; bug #584621)
-	[jessie] - blender <no-dsa> (Minor issue)
+	- blender <unfixed> (unimportant; bug #584621)
 	[squeeze] - blender <no-dsa> (Minor issue)
 	[wheezy] - blender <no-dsa> (Minor issue)
+	NOTE: Neutralised by kernel temp hardening
 CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
 	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
 CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before ...)