[Secure-testing-commits] r48198 - in data: CVE DSA

Thu Jan 19 18:35:52 UTC 2017

Author: carnil
Date: 2017-01-19 18:35:52 +0000 (Thu, 19 Jan 2017)
New Revision: 48198

Modified:
   data/CVE/list
   data/DSA/list
Log:
Adjust the CVE assignments for python-pysaml2

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-01-19 17:46:49 UTC (rev 48197)
+++ data/CVE/list	2017-01-19 18:35:52 UTC (rev 48198)
@@ -805,12 +805,12 @@
 CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...)
 	NOT-FOR-US: D-Link
 CVE-2016-10127 [XML external entity attack]
-	RESERVED
-	{DSA-3759-1}
+	- python-pysaml2 <unfixed>
+	NOTE: https://github.com/rohe/pysaml2/issues/366
+CVE-2016-10149 [CWE-776 (Entity Expansion)]
 	- python-pysaml2 3.0.0-5 (bug #850716)
-	NOTE: https://github.com/rohe/pysaml2/pull/379
+	NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379
 	NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/6
 CVE-2017-XXXX [multiple new security issues]
 	- w3m 0.5.3-34 (bug #850432)
 	[jessie] - w3m <no-dsa> (Minor issues)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2017-01-19 17:46:49 UTC (rev 48197)
+++ data/DSA/list	2017-01-19 18:35:52 UTC (rev 48198)
@@ -22,7 +22,7 @@
 	{CVE-2016-9646 CVE-2016-10026 CVE-2017-0356}
 	[jessie] - ikiwiki 3.20141016.4
 [12 Jan 2017] DSA-3759-1 python-pysaml2 - security update
-	{CVE-2016-10127}
+	{CVE-2016-10149}
 	[jessie] - python-pysaml2 2.0.0-1+deb8u1
 [11 Jan 2017] DSA-3758-1 bind9 - security update
 	{CVE-2016-9131 CVE-2016-9147 CVE-2016-9444}


