[Secure-testing-commits] r45414 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Oct 18 09:07:07 UTC 2016
Author: jmm
Date: 2016-10-18 09:07:07 +0000 (Tue, 18 Oct 2016)
New Revision: 45414
Modified:
data/CVE/list
Log:
new tor issue
bundler no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-18 08:13:20 UTC (rev 45413)
+++ data/CVE/list 2016-10-18 09:07:07 UTC (rev 45414)
@@ -1,3 +1,8 @@
+CVE-2016-XXXX [tor DoS]
+ - tor 0.2.8.9-1
+ NOTE: https://trac.torproject.org/projects/tor/ticket/20384
+ NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
+ NOTE: https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
CVE-2016-8673
RESERVED
CVE-2016-8672
@@ -2536,7 +2541,8 @@
RESERVED
CVE-2016-7954 [code execution via gem name collission in bundler]
RESERVED
- - bundler <unfixed>
+ - bundler <unfixed>
+ [jessie] - bundler <no-dsa> (Minor issue, too intrusive to backport)
NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
NOTE: There is no plan (yet) from upstream to address this for bundler 1.x
NOTE: due to lockfile format.
@@ -37742,6 +37748,7 @@
[wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; ...)
- cinder <unfixed>
+ [jessie] - cinder <no-dsa> (Minor issue)
- glance <unfixed> (low)
[jessie] - glance <no-dsa> (Minor issue)
[wheezy] - glance <end-of-life> (not supported in Wheezy)
More information about the Secure-testing-commits
mailing list