[Secure-testing-commits] r48404 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 26 08:05:15 UTC 2017
Author: carnil
Date: 2017-01-26 08:05:15 +0000 (Thu, 26 Jan 2017)
New Revision: 48404
Modified:
data/CVE/list
Log:
Tweak CVE-2014-3495 entry as discussed on IRC
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-26 07:56:58 UTC (rev 48403)
+++ data/CVE/list 2017-01-26 08:05:15 UTC (rev 48404)
@@ -86346,10 +86346,13 @@
NOT-FOR-US: OpenShift Origin
CVE-2014-3495 [improper verification of SSL certificates]
RESERVED
- - duplicity <unfixed> (unimportant; bug #751902)
+ - duplicity 0.6.21-1 (low; bug #751902)
+ [wheezy] - duplicity <no-dsa> (Minor issue)
NOTE: Since python-boto 2.6.0, cf. #751902, boto's default is now to enable
NOTE: certificate verification. This is as such only a issue if using boto's
- NOTE: version outside of the packaged one in Debian.
+ NOTE: version outside of the packaged one in Debian. Mark 0.6.21-1 as fixing
+ NOTE: version since this is the first upload to unstable after python-boto
+ NOTE: 2.8.0-1 was uploaded.
CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs ...)
- kde4libs 4:4.13.3-1 (bug #752052)
[wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
More information about the Secure-testing-commits
mailing list