[Secure-testing-commits] r50436 - data/CVE

Fri Apr 7 15:36:18 UTC 2017

Author: jmm
Date: 2017-04-07 15:36:18 +0000 (Fri, 07 Apr 2017)
New Revision: 50436

Modified:
   data/CVE/list
Log:
yaml-cpp, cakephp, backintime no-dsa


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-04-07 13:21:34 UTC (rev 50435)
+++ data/CVE/list	2017-04-07 15:36:18 UTC (rev 50436)
@@ -10,6 +10,7 @@
 	RESERVED
 CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...)
 	- backintime <unfixed>
+	[jessie] - backintime <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/2
 CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is ...)
 	NOT-FOR-US: Faveo
@@ -4519,8 +4520,10 @@
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
 	NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
 CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
-	- yaml-cpp <unfixed>
-	- yaml-cpp0.3 <unfixed>
+	- yaml-cpp <unfixed> (low)
+	[jessie] - yaml-cpp <no-dsa> (Minor issue)
+	- yaml-cpp0.3 <unfixed> (low)
+	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/jbeder/yaml-cpp/issues/459
 CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
 	- webkitgtk <unfixed> (unimportant)
@@ -35977,6 +35980,7 @@
 CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote ...)
 	{DLA-835-1}
 	- cakephp 2.8.3-1
+	[jessie] - cakephp <no-dsa> (Minor issue)
 	NOTE: http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
 	NOTE: https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
 	NOTE: Fixed by https://github.com/cakephp/cakephp/commit/48af49ddde16c8b99edb701f1c31283455b2b0b6


