[Secure-testing-commits] r48116 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 16 20:58:49 UTC 2017
Author: carnil
Date: 2017-01-16 20:58:49 +0000 (Mon, 16 Jan 2017)
New Revision: 48116
Modified:
data/CVE/list
Log:
Mark two CVEs for libgit2 as unimporant
Still those two commits got two associated CVEs. The changes are adding
tests to prevent a regression in that area. Until MITRE rejects them,
just keep the CVE <-> commit reference associated and mark the CVE as
unimportant.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-16 20:50:04 UTC (rev 48115)
+++ data/CVE/list 2017-01-16 20:58:49 UTC (rev 48116)
@@ -377,12 +377,12 @@
RESERVED
CVE-2017-5339 [http: correct the expected error for RC4]
RESERVED
- - libgit2 <unfixed> (bug #851406)
+ - libgit2 <unfixed> (unimportant; bug #851406)
NOTE: https://github.com/libgit2/libgit2/commit/3829ba2e710553893faf6336cc6b2f3fc17a293e (v0.25.1)
NOTE: https://github.com/libgit2/libgit2/commit/d3cb8f64cde3b84c3d1543f122f989aeb2f6a69e (v0.24.1)
CVE-2017-5338 [http: perform 'badssl' check also via certificate callback]
RESERVED
- - libgit2 <unfixed> (bug #851406)
+ - libgit2 <unfixed> (unimportant; bug #851406)
NOTE: https://github.com/libgit2/libgit2/commit/98d66240ecb7765e191da19b535c75c92ccc90fe (v0.25.1)
NOTE: https://github.com/libgit2/libgit2/commit/ca531956619f021913ac01669b3818a705b7b676 (v0.24.6)
CVE-2016-10130 [http: check certificate validity before clobbering the error variable]
More information about the Secure-testing-commits
mailing list