[Secure-testing-commits] r51002 - in data: . CVE

[Antoine Beaupré]

Author: anarcat
Date: 2017-04-24 18:18:42 +0000 (Mon, 24 Apr 2017)
New Revision: 51002

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
LTS: mark gnutls CVEs as no-dsa as they affect only OpenPGP stuff

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-24 16:05:11 UTC (rev 51001)
+++ data/CVE/list	2017-04-24 18:18:42 UTC (rev 51002)
@@ -668,6 +668,8 @@
 	- gnutls28 3.5.8-4
 	[jessie] - gnutls28 <no-dsa> (Minor issue)
 	- gnutls26 <removed>
+	[wheezy] - gnutls26 <no-dsa> (Minor issue)
+	NOTE: OpenPGP-related
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-3
@@ -8872,18 +8874,24 @@
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	- gnutls26 <removed>
+	[wheezy] - gnutls26 <no-dsa> (Minor issue)
+	NOTE: OpenPGP-related
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
 CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in ...)
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	- gnutls26 <removed>
+	[wheezy] - gnutls26 <no-dsa> (Minor issue)
+	NOTE: OpenPGP-related
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
 CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS ...)
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	- gnutls26 <removed>
+	[wheezy] - gnutls26 <no-dsa> (Minor issue)
+	NOTE: OpenPGP-related
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
 CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-04-24 16:05:11 UTC (rev 51001)
+++ data/dla-needed.txt	2017-04-24 18:18:42 UTC (rev 51002)
@@ -32,9 +32,6 @@
 fop
   NOTE: Maintainer contacted at 2017-04-23.
 --
-gnutls26 (Antoine Beaupre)
-  NOTE: Email sent to maintainer 2017-04-19. Give some time to respond.
---
 heimdal
   NOTE: Brian May is the maintainer
 --