[Secure-testing-commits] r45642 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Wed Oct 26 20:03:57 UTC 2016
Author: opal
Date: 2016-10-26 20:03:57 +0000 (Wed, 26 Oct 2016)
New Revision: 45642
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Marked gcc-mingw-w64 and mingw32 as no-dsa for CVE-2016-4973.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-26 19:56:13 UTC (rev 45641)
+++ data/CVE/list 2016-10-26 20:03:57 UTC (rev 45642)
@@ -13012,7 +13012,9 @@
- gcc-4.9 <not-affected> (Uses glibc-internal SSP)
- gcc-mingw-w64 <unfixed>
[jessie] - gcc-mingw-w64 <no-dsa> (Minor issue)
+ [wheezy] - gcc-mingw-w64 <no-dsa> (Minor issue)
- mingw32 <removed>
+ [wheezy] - mingw32 <no-dsa> (Minor issue)
CVE-2016-4972 (OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), ...)
- murano 1:2.0.1-1 (bug #828062)
NOTE: Affects: Murano: <=2015.1.1; <=1.0.2; ==2.0.0
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-10-26 19:56:13 UTC (rev 45641)
+++ data/dla-needed.txt 2016-10-26 20:03:57 UTC (rev 45642)
@@ -14,11 +14,6 @@
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1.
--
-gcc-mingw-w64
- NOTE: CVE-2016-4973 isn't gaining any traction, upstream doesn't
- agree that it's a security issue, and the proposed fix doesn't work
- (and no progress is being made on it AFAICT).
---
graphicsmagick (Antoine Beaupré)
--
icu (Roberto C. Sánchez)
@@ -64,8 +59,6 @@
--
linux
--
-mingw32
---
openjdk-7 (Guido Günther)
NOTE: contacted maintainers wether they're preparing a package in exp
--
More information about the Secure-testing-commits
mailing list