[Secure-testing-commits] r49228 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sun Feb 26 04:41:10 UTC 2017 

Author: mgilbert
Date: 2017-02-26 04:41:10 +0000 (Sun, 26 Feb 2017)
New Revision: 49228

Modified:
   data/CVE/list
Log:
stretch no-dsa for policykit, busybox issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-26 04:18:42 UTC (rev 49227)
+++ data/CVE/list	2017-02-26 04:41:10 UTC (rev 49228)
@@ -38441,6 +38441,7 @@
 	NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
 	- policykit-1 <unfixed> (bug #816062; bug #812512)
+	[stretch] - policykit-1 <no-dsa> (Minor issue)
 	[jessie] - policykit-1 <no-dsa> (Minor issue)
 	[wheezy] - policykit-1 <no-dsa> (Minor issue)
 	NOTE: Restricting ioctl on the kernel side seems the better approach
@@ -40064,11 +40065,13 @@
 	NOT-FOR-US: OpenShift
 CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox ...)
 	- busybox <unfixed> (bug #818497)
+	[stretch] - busybox <no-dsa> (Minor issue)
 	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
 CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...)
 	- busybox <unfixed> (bug #818499)
+	[stretch] - busybox <no-dsa> (Minor issue)
 	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
@@ -49087,6 +49090,7 @@
 	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
 CVE-2015-XXXX [busybox: pointer misuse unziping files]
 	- busybox <unfixed> (bug #803097)
+	[stretch] - busybox <no-dsa> (Minor issue)
 	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox 1:1.17.1-8+deb6u11
@@ -56146,6 +56150,7 @@
 CVE-2011-5325 [Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory]
 	RESERVED
 	- busybox <unfixed> (bug #802702)
+	[stretch] - busybox <no-dsa> (Minor issue)
 	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list