[Secure-testing-commits] r49302 - in data: . CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Tue Feb 28 16:07:02 UTC 2017
Author: anarcat
Date: 2017-02-28 16:07:02 +0000 (Tue, 28 Feb 2017)
New Revision: 49302
Modified:
data/CVE/list
data/dla-needed.txt
Log:
mark kgb-bot as no-dsa in wheezy
after a review of the issue, i couldn't find a simple fixed
the issue is also quite old and hasn't seen movement upstream
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-28 15:55:50 UTC (rev 49301)
+++ data/CVE/list 2017-02-28 16:07:02 UTC (rev 49302)
@@ -68719,6 +68719,8 @@
RESERVED
- kgb-bot <unfixed> (low; bug #776424)
[jessie] - kgb-bot <no-dsa> (Minor issue)
+ [wheezy] - kgb-bot <no-dsa> (Minor issue)
+ NOTE: no upstream fix yet
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js ...)
NOT-FOR-US: sequelize
CVE-2015-1354
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-02-28 15:55:50 UTC (rev 49301)
+++ data/dla-needed.txt 2017-02-28 16:07:02 UTC (rev 49302)
@@ -43,8 +43,6 @@
NOTE: No known solution as of 2017-01-20.
NOTE: 2017-01-20: Pinged upstream: https://bugs.ghostscript.com/show_bug.cgi?id=697457#c4
--
-kgb-bot (Antoine Beaupre)
---
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML)
More information about the Secure-testing-commits
mailing list