[Secure-testing-commits] r50889 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Fri Apr 21 16:56:10 UTC 2017


Author: pochu
Date: 2017-04-21 16:56:10 +0000 (Fri, 21 Apr 2017)
New Revision: 50889

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
CVE-2015-9019/libxslt: tag as no-dsa for wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-21 16:39:43 UTC (rev 50888)
+++ data/CVE/list	2017-04-21 16:56:10 UTC (rev 50889)
@@ -1534,6 +1534,7 @@
 CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
 	- libxslt <unfixed> (low; bug #859796)
 	[jessie] - libxslt <no-dsa> (Minor issue)
+	[wheezy] - libxslt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119
 CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking ...)
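Review bot: the added [wheezy] line gives only "(Minor issue)" as its reason, copied from the [jessie] line above it, while the package line still reads <unfixed> with bug #859796 open. A reason specific to wheezy would make the tag self-explanatory to the next person triaging this CVE, for instance one that mentions the open question about seeding that the dla-needed.txt entry recorded.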

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-04-21 16:39:43 UTC (rev 50888)
+++ data/dla-needed.txt	2017-04-21 16:56:10 UTC (rev 50889)
@@ -57,11 +57,6 @@
 libvpx (Emilio Pozuelo)
   NOTE: The CVEs needs further triaging.
 --
-libxslt (Emilio Pozuelo)
-  NOTE: it's not clear whether libxslt (the library) should call srand() itself.
-  NOTE: xsltproc 1.1.29 has a --seed-rand option, but that's not present in wheezy,
-  NOTE: and it doesn't help for other libxslt users (e.g. php as seen on the SuSE bug).
---
 linux
 --
 mcollective
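Review bot: dropping the libxslt entry also deletes its three NOTE lines, which are the only written rationale visible in this commit: that it is unclear whether the library should call srand() itself, that --seed-rand is not present in wheezy, and that it does not help other libxslt users such as php. Consider carrying them over as NOTE lines under CVE-2015-9019 in data/CVE/list so the tracker keeps the analysis behind the no-dsa decision.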



