[Secure-testing-commits] r45283 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Oct 13 16:13:17 UTC 2016


Author: carnil
Date: 2016-10-13 16:13:16 +0000 (Thu, 13 Oct 2016)
New Revision: 45283

Modified:
   data/CVE/list
Log:
Mark CVE-2016-6349 as NFU, associate with oci-register-machine

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-13 16:04:10 UTC (rev 45282)
+++ data/CVE/list	2016-10-13 16:13:16 UTC (rev 45283)
@@ -6946,7 +6946,7 @@
 	NOT-FOR-US: OpenBSD
 CVE-2016-6349 [information exposure for docker containers]
 	RESERVED
-	- systemd <unfixed> (unimportant)
+	NOT-FOR-US: oci-register-machine
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
 	NOTE: Requirement is that docker containers would register themselves to
 	NOTE: to systemd-machined by oci-register-machine (not packaged in Debian,
@@ -6954,6 +6954,7 @@
 	NOTE: not applied to docker.io).
 	NOTE: https://github.com/systemd/systemd/issues/3815
 	NOTE: The problem as well only arises with docker fork in RedHat, not with upstream docker
+	NOTE: https://github.com/projectatomic/oci-register-machine/pull/22
 CVE-2016-6287
 	RESERVED
 CVE-2016-6286




More information about the Secure-testing-commits mailing list