[Secure-testing-commits] r48403 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 26 07:56:58 UTC 2017
Author: carnil
Date: 2017-01-26 07:56:58 +0000 (Thu, 26 Jan 2017)
New Revision: 48403
Modified:
data/CVE/list
Log:
Mark CVE-2014-3495 as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-26 06:11:59 UTC (rev 48402)
+++ data/CVE/list 2017-01-26 07:56:58 UTC (rev 48403)
@@ -86346,10 +86346,10 @@
NOT-FOR-US: OpenShift Origin
CVE-2014-3495 [improper verification of SSL certificates]
RESERVED
- - duplicity <unfixed> (low; bug #751902)
- [jessie] - duplicity <no-dsa> (Minor issue)
- [wheezy] - duplicity <no-dsa> (Minor issue)
- [squeeze] - duplicity <no-dsa> (Minor issue)
+ - duplicity <unfixed> (unimportant; bug #751902)
+ NOTE: Since python-boto 2.6.0, cf. #751902, boto's default is now to enable
+ NOTE: certificate verification. This is as such only a issue if using boto's
+ NOTE: version outside of the packaged one in Debian.
CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs ...)
- kde4libs 4:4.13.3-1 (bug #752052)
[wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
More information about the Secure-testing-commits
mailing list