[Secure-testing-commits] r48994 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 16 12:28:06 UTC 2017 

Author: jmm
Date: 2017-02-16 12:28:06 +0000 (Thu, 16 Feb 2017)
New Revision: 48994

Modified:
   data/CVE/list
Log:
new openssl 1.1 issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-16 09:10:12 UTC (rev 48993)
+++ data/CVE/list	2017-02-16 12:28:06 UTC (rev 48994)
@@ -6122,6 +6122,11 @@
 	RESERVED
 CVE-2017-3733
 	RESERVED
+	- openssl <unfixed>
+	- openssl1.0 <not-affected> (Only affects 1.1)
+	[jessie] - openssl <not-affected> (Only affects 1.1)
+	[wheezy] - openssl <not-affected> (Only affects 1.1)
+	NOTE: https://www.openssl.org/news/secadv/20170216.txt
 CVE-2017-3732
 	RESERVED
 	- openssl 1.1.0d-1
@@ -25549,9 +25554,9 @@
 	NOTE: The problem as well only arises with docker fork in RedHat, not with upstream docker
 	NOTE: https://github.com/projectatomic/oci-register-machine/pull/22
 CVE-2016-6287 (The "http-client" egg always used a HTTP_PROXY environment variable to ...)
-	TODO: check
+	NOT-FOR-US: Addons for Chicken
 CVE-2016-6286 (The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" ...)
-	TODO: check
+	NOT-FOR-US: Addons for Chicken
 CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Atlassian JIRA
 CVE-2016-6284
@@ -26603,11 +26608,11 @@
 CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows directory ...)
 	NOT-FOR-US: IBM
 CVE-2016-6079 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6078
 	RESERVED
 CVE-2016-6077 (IBM Cognos Disclosure Management 10.2 could allow a malicious attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6076
 	RESERVED
 CVE-2016-6075
@@ -26641,7 +26646,7 @@
 CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2016-6060 (An undisclosed vulnerability in IBM Rational DOORS Next Generation ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of ...)
 	NOT-FOR-US: IBM
 CVE-2016-6058

More information about the Secure-testing-commits mailing list