[Secure-testing-commits] r53376 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Jul 11 10:05:34 UTC 2017
Author: hertzog
Date: 2017-07-11 10:05:34 +0000 (Tue, 11 Jul 2017)
New Revision: 53376
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Clarify status of CVE-2017-9833
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-11 09:50:17 UTC (rev 53375)
+++ data/CVE/list 2017-07-11 10:05:34 UTC (rev 53376)
@@ -1896,7 +1896,10 @@
CVE-2017-9834
RESERVED
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...)
- - boa <removed>
+ NOT-FOR-US: Undetermined product
+ NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
+ NOTE: script used in some embedded product relying on BOA as webserver.
+ NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog
CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL ...)
- libmtp 1.1.13-1
[jessie] - libmtp <no-dsa> (Minor issue; can be fixed in a point release)
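Review bot: The added "NOTE: I asked Mitre to reject the CVE." line under CVE-2017-9833 has no date and no reference to the request, so a later reader cannot tell how old the request is or whether it was followed up. Consider the dated form that the ca-certificates notes in data/dla-needed.txt use, for example "NOTE: 2017-07-11: asked Mitre to reject the CVE -- Raphael Hertzog". The "NOT-FOR-US: Undetermined product" line is consistent with the note that /wapopen is not part of BOA, but it is worth revisiting if the embedded product that ships the CGI script is ever identified.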
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-07-11 09:50:17 UTC (rev 53375)
+++ data/dla-needed.txt 2017-07-11 10:05:34 UTC (rev 53376)
@@ -12,10 +12,6 @@
--
bind9 (Thorsten Alteholz)
--
-boa
- NOTE: only available in Wheezy and orphaned
- NOTE: Should probably be marked unsupported: https://lists.debian.org/debian-lts/2017/06/msg00145.html
---
ca-certificates (Antoine Beaupré)
NOTE: 2017-03-27: maintainer will handle the upload, see https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8839@pbandjelly.org
NOTE: 2017-05-12: Pinged the maintainer -- Raphael Hertzog
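Review bot: Removing the boa entry from data/dla-needed.txt also drops the note "Should probably be marked unsupported" and its link to the debian-lts thread, and the log message ("Clarify status of CVE-2017-9833") mentions neither the removal nor whether that question was settled. Since the removed note also says boa is orphaned and only in Wheezy, either record the unsupported decision where it is tracked before dropping the pointer, or state in the log that the entry is removed because the CVE is now NOT-FOR-US and the unsupported question remains open.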