[Secure-testing-commits] r44993 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 3 11:58:22 UTC 2016
Author: carnil
Date: 2016-10-03 11:58:22 +0000 (Mon, 03 Oct 2016)
New Revision: 44993
Modified:
data/CVE/list
Log:
Revert status to not-affected for CVE-2016-7545 as suggested by jmm, add explanation on exception for status tracking
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-03 11:52:55 UTC (rev 44992)
+++ data/CVE/list 2016-10-03 11:58:22 UTC (rev 44993)
@@ -2432,12 +2432,13 @@
RESERVED
{DLA-638-1}
- policycoreutils 2.5-3 (bug #838599)
- [jessie] - policycoreutils <no-dsa> ("sandbox" executable not packaged in this version)
+ [jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
NOTE: Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
- NOTE: Marked as no-dsa since the sandbox binary is included in a binary package, although
- NOTE: the source package is affected.
+ NOTE: Marked as exception as not-affected, although the source is affected but the built
+ NOTE: binary packages do not contain the sandbox binary. We cannot use 'unimportant'
+ NOTE: severity here since the unstable version builts a binary package which contains it.
CVE-2016-7544
RESERVED
- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers)
More information about the Secure-testing-commits
mailing list