[Secure-testing-commits] r46090 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 10 05:20:48 UTC 2016
Author: carnil
Date: 2016-11-10 05:20:48 +0000 (Thu, 10 Nov 2016)
New Revision: 46090
Modified:
data/CVE/list
Log:
Mark CVE-2016-1000223 as unimportant
This is a bit of a misuse of 'unimportant'. But upstream and the issue
reporter disagree on where the issue lies and the CVE still though was
assigned to Apache Commons FileUpload DiskFileItem.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-09 21:10:14 UTC (rev 46089)
+++ data/CVE/list 2016-11-10 05:20:48 UTC (rev 46090)
@@ -2770,9 +2770,12 @@
CVE-2016-1000223
RESERVED
CVE-2016-1000031 (Apache Commons FileUpload DiskFileItem File Manipulation Remote Code ...)
- - libcommons-fileupload-java <unfixed>
+ - libcommons-fileupload-java <unfixed> (unimportant)
NOTE: https://www.tenable.com/security/research/tra-2016-12
- TODO: check
+ NOTE: Marked as unimportant since even though the CVE is assigned for Apache Commons FileUpload
+ NOTE: Apache say that issue needs to be fixed in any vendor/product using Apache Commons FileUpload
+ NOTE: DiskFileItem as described in the given advisory.
+ NOTE: Thus we are not going to diverge from Apache upstream here.
CVE-2016-7466 [usb: xhci memory leakage during device unplug]
RESERVED
- qemu 1:2.7+dfsg-1 (bug #838687)
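Review bot: the log message says "Mark CVE-2016-1000223 as unimportant", but the changed package line, "- libcommons-fileupload-java <unfixed> (unimportant)", sits under CVE-2016-1000031; CVE-2016-1000223 is the RESERVED entry directly above it and is not touched by this hunk. The log should name CVE-2016-1000031 so that a history search on that id finds this change. Separately, the four added NOTE lines run together as one sentence with no break after "Apache Commons FileUpload" on the first line, and they do not record what the log admits, that 'unimportant' is being stretched here because upstream and the reporter disagree on where the issue lies. Stating that in the NOTE would keep the rationale next to the entry, and would tell a later triager that the dropped "TODO: check" was resolved by deferring to upstream rather than by assessing the impact of the DiskFileItem issue.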