[Secure-testing-commits] r51074 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-04-26 17:59:13 +0000 (Wed, 26 Apr 2017)
New Revision: 51074

Modified:
   data/CVE/list
Log:
Adjust status for CVE-2016-10345/passenger

Mark as unimportant since the affected script is not installed in any
binary package in Debian.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-26 17:53:55 UTC (rev 51073)
+++ data/CVE/list	2017-04-26 17:59:13 UTC (rev 51074)
@@ -897,9 +897,9 @@
 CVE-2017-7895
 	RESERVED
 CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...)
-	- passenger <unfixed>
+	- passenger <unfixed> (unimportant)
 	NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
-	NOTE: Likely unimportant due to kernel hardening, but needs further investigation
+	NOTE: Source present, but passenger-install-nginx-module not installed
 CVE-2016-10344
 	RESERVED
 CVE-2016-10343