[Secure-testing-commits] r51090 - in data: . CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Thu Apr 27 01:54:55 UTC 2017
Author: anarcat
Date: 2017-04-27 01:54:55 +0000 (Thu, 27 Apr 2017)
New Revision: 51090
Modified:
data/CVE/list
data/dla-needed.txt
Log:
lts: traffic server status update (n/a?)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-27 01:03:24 UTC (rev 51089)
+++ data/CVE/list 2017-04-27 01:54:55 UTC (rev 51090)
@@ -7471,8 +7471,10 @@
RESERVED
CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...)
- trafficserver 7.0.0-1
- NOTE: https://issues.apache.org/jira/browse/TS-4819
NOTE: https://issues.apache.org/jira/browse/TS-4507
+ NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above)
+ NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
+ NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153
CVE-2017-5658
RESERVED
CVE-2017-5657
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-04-27 01:03:24 UTC (rev 51089)
+++ data/dla-needed.txt 2017-04-27 01:54:55 UTC (rev 51090)
@@ -97,11 +97,12 @@
slurm-llnl (Raphaël Hertzog)
--
squirrelmail (Antoine Beaupré)
- NOTE: in coordination with the sec team, waiting for a possible
- NOTE: coordinated release
+ NOTE: in coordination with the sec team, waiting for a possible
+ NOTE: coordinated release
--
trafficserver
NOTE: maintainer contacted 2017-04-26
+ NOTE: reproducer doesn't crash server in a test VM - <not-affected>? --anarcat
--
tomcat7 (Markus Koschany)
NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
More information about the Secure-testing-commits
mailing list