[Secure-testing-commits] r45116 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Oct 6 22:00:12 UTC 2016 

Author: jmm
Date: 2016-10-06 22:00:12 +0000 (Thu, 06 Oct 2016)
New Revision: 45116

Modified:
   data/CVE/list
Log:
simplesamlphp unimportant
9base unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-06 21:45:31 UTC (rev 45115)
+++ data/CVE/list	2016-10-06 22:00:12 UTC (rev 45116)
@@ -17454,13 +17454,12 @@
 	REJECTED
 CVE-2016-3124 [Information leakage issue in the sanitycheck module]
 	RESERVED
-	- simplesamlphp 1.14.1-1 (bug #817162)
-	[jessie] - simplesamlphp <no-dsa> (Minor issue)
-	[wheezy] - simplesamlphp <no-dsa> (Minor issue)
+	- simplesamlphp 1.14.1-1 (unimportant; bug #817162)
 	NOTE: https://simplesamlphp.org/security/201603-01
 	NOTE: Fixed upstream in 1.14.1
 	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
+	NOTE: Not treated as a security issue, many components in Debian reveal the release in use
 CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier ...)
 	NOT-FOR-US: Huawei
 CVE-2016-2852
@@ -28542,11 +28541,6 @@
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/systemd/systemd/issues/1822
 	NOTE: Issue in Linux related to unprivileged CLONE_NEWUSER affecting systemd, but we disable unprivileged use by default
-CVE-2015-XXXX [update-smart-drivedb downloads unauthenticated data from the web]
-	- smartmontools 6.4+svn4214-1 (low; bug #804299)
-	[jessie] - smartmontools <no-dsa> (Minor issue)
-	[wheezy] - smartmontools <no-dsa> (Minor issue)
-	[squeeze] - smartmontools <no-dsa> (Minor issue)
 CVE-2015-8125 (Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before ...)
 	{DSA-3402-1}
 	- symfony 2.7.7+dfsg-1
@@ -73059,10 +73053,9 @@
 	NOTE: Only in the test suite, not part of the standard package
 CVE-2014-1935 [insecure use of /tmp]
 	RESERVED
-	- 9base <unfixed> (low; bug #737206)
-	[jessie] - 9base <no-dsa> (Minor issue)
-	[wheezy] - 9base <no-dsa> (Minor issue)
+	- 9base <unfixed> (unimportant; bug #737206)
 	[squeeze] - 9base <no-dsa> (Minor issue)
+	NOTE: Not exploitable with kernel hardening since wheezy
 CVE-2014-1934 (tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...)
 	- eyed3 0.6.18-3 (low; bug #737062)
 	[jessie] - eyed3 <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list