[Secure-testing-commits] r44741 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Sep 19 17:27:28 UTC 2016 

Author: jmm
Date: 2016-09-19 17:27:28 +0000 (Mon, 19 Sep 2016)
New Revision: 44741

Modified:
   data/CVE/list
Log:
remove cups-filters/foomatic-filters entry, no security impact
also drop cpio entry, no CVE ID to be assigned


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-19 15:32:17 UTC (rev 44740)
+++ data/CVE/list	2016-09-19 17:27:28 UTC (rev 44741)
@@ -17463,13 +17463,6 @@
 	- phpmyadmin 4:4.5.5.1-1 (low)
 	[jessie] - phpmyadmin <not-affected>
 	[wheezy] - phpmyadmin <not-affected>
-CVE-2016-XXXX [out-of-bounds reads]
-	- cpio <unfixed> (low; bug #815965)
-	[jessie] - cpio <no-dsa> (Minor issue)
-	[wheezy] - cpio <no-dsa> (Minor issue)
-	[squeeze] - cpio <no-dsa> (Minor issue)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/25/8
-	NOTE: Disputed if it will recieve a CVE
 CVE-2016-2572 (http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...)
 	- squid3 <not-affected> (Only affects 4.x)
 	- squid <not-affected> (Only affects 4.x)
@@ -20205,16 +20198,15 @@
 	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
 CVE-2015-XXXX [buffer overflows in init_cups]
-	- cups-filters 1.6.0-1
-	[jessie] - cups-filters <no-dsa> (Minor issue)
-	[wheezy] - cups-filters <no-dsa> (Minor issue)
-	- foomatic-filters <unfixed>
+	- cups-filters 1.6.0-1 (unimportant)
+	- foomatic-filters <unfixed> (unimportant)
 	[jessie] - foomatic-filters <no-dsa> (Minor issue)
 	[wheezy] - foomatic-filters <no-dsa> (Minor issue)
 	[squeeze] - foomatic-filters 4.0.5-6+squeeze2+deb6u13
 	NOTE: workaround entry for DLA-399-1 until/if CVE assigned
 	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1336
 	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7431
+	NOTE: Doesn't cross any security boundary
 CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in ...)
 	NOT-FOR-US: Greenbone Security Assistant
 CVE-2016-1921

More information about the Secure-testing-commits mailing list