[Secure-testing-commits] r44978 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 3 08:28:43 UTC 2016
Author: carnil
Date: 2016-10-03 08:28:43 +0000 (Mon, 03 Oct 2016)
New Revision: 44978
Modified:
data/CVE/list
Log:
Mark CVE-2016-7545 as no dsa
Marked as no-dsa since the produced binary package does not include the
sandbox binary. Although the source package is affected by the issue.
Ifeven unstable would not have included the sanbox binary then
'unimportant' would have been the better choice.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-03 08:18:00 UTC (rev 44977)
+++ data/CVE/list 2016-10-03 08:28:43 UTC (rev 44978)
@@ -2427,11 +2427,13 @@
RESERVED
{DLA-638-1}
- policycoreutils 2.5-3 (bug #838599)
- [jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
- [wheezy] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
+ [jessie] - policycoreutils <no-dsa> ("sandbox" executable not packaged in this version)
+ [wheezy] - policycoreutils <no-dsa> ("sandbox" executable not packaged in this version)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
NOTE: Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
+ NOTE: Marked as no-dsa since the sandbox binary is included in a binary package, although
+ NOTE: the source package is affected.
CVE-2016-7544
RESERVED
- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers)
More information about the Secure-testing-commits
mailing list