[Secure-testing-commits] r48390 - data/CVE
László Böszörményi
gcs at moszumanska.debian.org
Thu Jan 26 04:53:54 UTC 2017
Author: gcs
Date: 2017-01-26 04:53:54 +0000 (Thu, 26 Jan 2017)
New Revision: 48390
Modified:
data/CVE/list
Log:
libreswan is uploaded to Sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-25 23:15:42 UTC (rev 48389)
+++ data/CVE/list 2017-01-26 04:53:54 UTC (rev 48390)
@@ -27222,7 +27222,7 @@
[jessie] - bsdiff <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in ...)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
NOTE: Huzaifa Sidhpurwala <huzaifas at redhat.com> pointed out that is not a libreswan issue, rather
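Review bot: the new `- libreswan <unfixed>` line under CVE-2016-5361 is only correct if the version uploaded to sid is older than 3.17, since the description limits the issue to "libreswan before 3.17", and the log message does not say which version was uploaded. If the upload is 3.17 or later, record the fixed version instead of `<unfixed>`. The NOTE lines below it also question whether this is a libreswan issue at all, which is worth settling before the entry is tracked as open.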
@@ -34593,7 +34593,7 @@
CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function ...)
NOT-FOR-US: Katello
CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
CVE-2016-3070 (The trace_writeback_dirty_page implementation in ...)
{DSA-3607-1}
- linux 4.4.2-1
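Review bot: `<unfixed>` under CVE-2016-3071 marks every version in sid as vulnerable, while the description names only Libreswan 3.16. Compare the uploaded version with 3.16 and, if it is newer and carries the fix, replace `<unfixed>` with that version.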
@@ -60228,7 +60228,7 @@
- openswan <removed>
[squeeze] - openswan <end-of-life> (Not supported in Squeeze LTS)
[wheezy] - openswan <end-of-life> (Not supported in Wheezy LTS)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
NOTE: https://libreswan.org/security/CVE-2015-3240/
TODO: check
CVE-2015-3239 (Off-by-one error in the dwarf_to_unw_regnum function in ...)
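Review bot: the `TODO: check` two lines below the new `- libreswan <unfixed>` line is left in place, so the entry still reads as untriaged even though the package is now in the archive. The NOTE above it already links the upstream advisory; check the affected and fixed versions there against the sid upload, then either drop the TODO or replace `<unfixed>` with the fixed version.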
@@ -60444,7 +60444,7 @@
[squeeze] - libmimedir <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222251
CVE-2015-3204 (libreswan 3.9 through 3.12 allows remote attackers to cause a denial ...)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
CVE-2015-3203 (Unrestricted file upload vulnerability in h5ai before 0.25.0 allows ...)
NOT-FOR-US: h5ai
CVE-2015-3202 (fusermount in FUSE before 2.9.3-15 does not properly clear the ...)
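Review bot: the `<unfixed>` line under CVE-2015-3204 ignores the bounded range in the description, "libreswan 3.9 through 3.12". Unless the sid upload falls inside that range, the entry should carry a fixed version rather than `<unfixed>`.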
@@ -93106,7 +93106,7 @@
CVE-2013-7286
RESERVED
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise ...)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with ...)
NOT-FOR-US: Nisuta NS-WIR150NE router
CVE-2013-7280 (Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier ...)
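Review bot: `<unfixed>` under CVE-2013-7283 looks like the wrong status, because the description places the race condition in the libreswan.spec files for Red Hat Enterprise ..., which is RPM packaging rather than code the Debian package is built from. Consider `<not-affected>` with a short reason, in the same way the tomcat6 and tomcat7 entries in this file use "(RedHat-specific issue)".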
@@ -102717,7 +102717,7 @@
[wheezy] - xlhtml <no-dsa> (Minor issue)
[squeeze] - xlhtml <no-dsa> (Minor issue)
CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service ...)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
CVE-2013-4563 (The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux ...)
- linux-2.6 <not-affected> (Introduced in v3.10-rc5)
- linux 3.11.10-1
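Review bot: under CVE-2013-4564 the description names Libreswan 3.6 only, so a blanket `<unfixed>` for the sid package needs a version check first. If the upload is a later release with the fix, put that version on the `- libreswan` line.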
@@ -109735,7 +109735,7 @@
{DSA-2893-1}
- openswan <removed> (low; bug #709144)
CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when ...)
- - libreswan <itp> (bug #773459)
+ - libreswan <unfixed>
CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat ...)
- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)
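Review bot: the `<unfixed>` line under CVE-2013-2052 should be checked against the description's "libreswan 3.0 and 3.1". A sid upload newer than 3.1 that includes the atodn fix would make this entry fixed from the first uploaded version, not open.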