[Secure-testing-commits] r52579 - in data: CVE DLA

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-06-15 06:00:53 +0000 (Thu, 15 Jun 2017)
New Revision: 52579

Modified:
   data/CVE/list
   data/DLA/list
Log:
Update information for CVE-2015-9097

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-15 05:53:49 UTC (rev 52578)
+++ data/CVE/list	2017-06-15 06:00:53 UTC (rev 52579)
@@ -150,8 +150,6 @@
 	RESERVED
 CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 ...)
 	NOT-FOR-US: Synology Photo Station
-CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is ...)
-	TODO: check
 CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
 	TODO: check
 CVE-2017-9551
@@ -56135,10 +56133,8 @@
 	- foomatic-filters 4.0.17-7 (bug #807993)
 	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
-CVE-2015-XXXX [ruby-mail: SMTP injection via recipient email addresses]
+CVE-2015-9097 [ruby-mail: SMTP injection via recipient email addresses]
 	- ruby-mail 2.6.1+dfsg1-1
-	[wheezy] - ruby-mail 2.4.4-2+deb7u1
-	NOTE: Workaround entry for DLA-489-1 (since no CVE for this issue)
 	NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
 	NOTE: Fixed in 2.6.0

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-06-15 05:53:49 UTC (rev 52578)
+++ data/DLA/list	2017-06-15 06:00:53 UTC (rev 52579)
@@ -1509,6 +1509,7 @@
 	{CVE-2014-5015 CVE-2015-8212}
 	[wheezy] - bozohttpd 20111118-1+deb7u1
 [25 May 2016] DLA-489-1 ruby-mail - security update
+	{CVE-2015-9097}
 	[wheezy] - ruby-mail 2.4.4-2+deb7u1
 [25 May 2016] DLA-488-1 xymon - security update
 	{CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2058}