[Secure-testing-commits] r48392 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 26 05:21:12 UTC 2017
Author: carnil
Date: 2017-01-26 05:21:12 +0000 (Thu, 26 Jan 2017)
New Revision: 48392
Modified:
data/CVE/list
Log:
Update CVE-2016-5361/libreswan
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-26 05:14:11 UTC (rev 48391)
+++ data/CVE/list 2017-01-26 05:21:12 UTC (rev 48392)
@@ -27218,7 +27218,7 @@
[jessie] - bsdiff <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in ...)
- - libreswan <unfixed>
+ - libreswan <not-affected> (Fixed before initial upload to Debian)
NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
NOTE: Huzaifa Sidhpurwala <huzaifas at redhat.com> pointed out that is not a libreswan issue, rather
More information about the Secure-testing-commits
mailing list