[Secure-testing-commits] r46605 - in data: CVE DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Nov 27 20:07:33 UTC 2016


Author: carnil
Date: 2016-11-27 20:07:32 +0000 (Sun, 27 Nov 2016)
New Revision: 46605

Modified:
   data/CVE/list
   data/DSA/list
Log:
Revert "Clarify status for CVE-2016-0494, and remove from DSA list", but remove jessie tagged entry

This reverts commit 15d2e3b8829ea8324c5e0a1fb74d79daa17ef8fe.

Rationale for reverting: the DSA advisory contains the mention of the
CVE, and thus so will the webpage. Avoid confusion and thus (even if not
fully right), remove the not-affected status.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-27 20:03:55 UTC (rev 46604)
+++ data/CVE/list	2016-11-27 20:07:32 UTC (rev 46605)
@@ -30870,11 +30870,11 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
 	NOTE: Upstream commit for OpenJDK: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
 	- icu 57.1-4
-	[jessie] - icu <not-affected> (Patch for CVE-2015-4844 not applied)
 	NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
 	NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
-	NOTE: the CVE-2015-4844 fix.
-	NOTE: Fix made complete in DSA-3725-1 thus not affected by CVE-2016-0494
+	NOTE: the CVE-2015-4844 fix. To avoid confusion with the DSA text in DSA-3725-1
+	NOTE: threat this CVE separately as affected src:icu despite beeing for the
+	NOTE: incomplete fix for CVE-2015-4844
 CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
 	NOT-FOR-US: Oracle
 CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
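Review bot: The retained NOTE lines above the new text still read "ICU not directly affected by CVE-2016-0494 itself", while the added lines say to track src:icu as affected, so the entry now states both positions back to back. Consider rewording the retained note so the distinction is explicit (not affected in code terms, tracked as affected only to match the DSA-3725-1 text). The added lines also carry two typos: "threat this CVE" should be "treat this CVE", and "beeing" should be "being". With the "[jessie] - icu <not-affected>" line removed, no jessie status remains in this entry, so the note should say that the jessie fixed version comes from DSA-3725-1.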

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2016-11-27 20:03:55 UTC (rev 46604)
+++ data/DSA/list	2016-11-27 20:07:32 UTC (rev 46605)
@@ -2,7 +2,7 @@
 	{CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556 CVE-2016-9559}
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u6
 [27 Nov 2016] DSA-3725-1 icu - security update
-	{CVE-2014-9911 CVE-2015-2632 CVE-2015-4844 CVE-2016-6293 CVE-2016-7415}
+	{CVE-2014-9911 CVE-2015-2632 CVE-2015-4844 CVE-2016-0494 CVE-2016-6293 CVE-2016-7415}
 	[jessie] - icu 52.1-8+deb8u4
 [24 Nov 2016] DSA-3724-1 gst-plugins-good0.10 - security update
 	{CVE-2016-9634 CVE-2016-9635 CVE-2016-9636}
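Review bot: Adding CVE-2016-0494 to the DSA-3725-1 set pairs it with the "[jessie] - icu 52.1-8+deb8u4" line, which reads as that upload fixing the CVE in jessie, whereas the CVE/list notes in this same revision say jessie's icu never carried the CVE-2015-4844 patch that introduced it. The list format here leaves no room for the rationale, so make sure the CVE/list entry for CVE-2016-0494 names DSA-3725-1 and the reason for listing it (advisory text already published with this CVE), so a later reader does not revert this again.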
