[Secure-testing-commits] r50226 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Mar 31 14:50:12 UTC 2017
Author: jmm
Date: 2017-03-31 14:50:12 +0000 (Fri, 31 Mar 2017)
New Revision: 50226
Modified:
data/CVE/list
Log:
initial ntp triage
libgit no-dsa/not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-31 11:14:25 UTC (rev 50225)
+++ data/CVE/list 2017-03-31 14:50:12 UTC (rev 50226)
@@ -2440,23 +2440,25 @@
- ntp 1:4.2.8p10+dfsg-1
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3387
CVE-2017-6462 (Buffer overflow in the legacy Datum Programmable Time Server (DPTS) ...)
- - ntp 1:4.2.8p10+dfsg-1
- [wheezy] - ntp <no-dsa> (Minor issue)
+ - ntp 1:4.2.8p10+dfsg-1 (unimportant)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3388
+ NOTE: Obscure legacy feature, no real impact
CVE-2017-6461
REJECTED
CVE-2017-6460 (Stack-based buffer overflow in the reslist function in ntpq in NTP ...)
- ntp 1:4.2.8p10+dfsg-1
+ [jessie] - ntp <not-affected> (Vulnerable code not present)
+ [wheezy] - ntp <not-affected> (Vulnerable code not present)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3377
+ NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6459 (The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...)
- ntp <not-affected> (NTP on Windows)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3382
CVE-2017-6458 (Multiple buffer overflows in the ctl_put* functions in NTP before ...)
- - ntp 1:4.2.8p10+dfsg-1
- [wheezy] - ntp <no-dsa> (Minor issue)
+ - ntp 1:4.2.8p10+dfsg-1 (unimportant)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3379
- NOTE: The vulnerability can only be triggered by adding very long
- NOTE: variable names (200 bytes or more) in ntpd.conf file.
+ NOTE: https://cure53.de/pentest-report_ntp.pdf
+ NOTE: This is not a vulnerability per se, but a weakness in an internal helper function
CVE-2017-6457
REJECTED
CVE-2017-6456
@@ -6505,14 +6507,17 @@
NOTE: https://github.com/libgit2/libgit2/commit/ca531956619f021913ac01669b3818a705b7b676 (v0.24.6)
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before ...)
- libgit2 <unfixed> (bug #851406)
+ [jessie] - libgit2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x ...)
- libgit2 <unfixed> (bug #851406)
+ [jessie] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in ...)
- libgit2 <unfixed> (bug #851406)
+ [jessie] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before ...)
More information about the Secure-testing-commits
mailing list