[Secure-testing-commits] r47827 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jan 8 06:47:57 UTC 2017
Author: jmm
Date: 2017-01-08 06:47:56 +0000 (Sun, 08 Jan 2017)
New Revision: 47827
Modified:
data/CVE/list
Log:
vnc4 now a transitional package
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-08 06:44:30 UTC (rev 47826)
+++ data/CVE/list 2017-01-08 06:47:56 UTC (rev 47827)
@@ -64080,8 +64080,8 @@
[jessie] - yap <no-dsa> (Minor issue)
[squeeze] - yap <no-dsa> (Minor issue)
[wheezy] - yap <no-dsa> (Minor issue)
- - vnc4 <unfixed> (unimportant; bug #778403)
- NOTE: affected code not built in vnc4
+ - vnc4 4.1.1+X4.3.0+t-1 (unimportant; bug #778403)
+ NOTE: affected code not built in vnc4, starting with 4.1.1+X4.3.0+t-1 it's a transitional package
- sma <not-affected> (Local regex copy only used when building on Windows, see #778411)
- clamav 0.98.7+dfsg-1 (unimportant; bug #778406)
[jessie] - clamav 0.98.7+dfsg-0+deb8u1
@@ -95404,9 +95404,10 @@
CVE-2014-0011 [ZRLE decoding bounds checking issue]
RESERVED
- tigervnc <not-affected> (Fixed before initial release in Debian)
- - vnc4 <unfixed> (unimportant)
+ - vnc4 4.1.1+X4.3.0+t-1 (unimportant)
NOTE: may affect related *VNC implementations if built with NDEBUG
NOTE: e.g. vnc4 seems to have similar code in common/rfb/zrleDecode.h
+ NOTE: starting with 4.1.1+X4.3.0+t-1 it's a transitional package
CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- moodle 2.5.4-1
[squeeze] - moodle <not-affected> (Code correctly checks session key)
More information about the Secure-testing-commits
mailing list