[Secure-testing-commits] r51858 - in data: CVE DLA DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue May 23 04:35:09 UTC 2017


Author: carnil
Date: 2017-05-23 04:35:09 +0000 (Tue, 23 May 2017)
New Revision: 51858

Modified:
   data/CVE/list
   data/DLA/list
   data/DSA/list
Log:
Cleanup CVE-2016-5483 reference, got REJECTED in favour of CVE-2017-3600

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-23 04:21:24 UTC (rev 51857)
+++ data/CVE/list	2017-05-23 04:35:09 UTC (rev 51858)
@@ -15979,7 +15979,12 @@
 	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
 	- mysql-5.7 5.7.18-1 (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
-	NOTE: This is the same as CVE-2016-5483 but duplicated CVE by Oracle
+	NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
+	NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
+	NOTE: Per MariaDB Security fixed with the following three commits:
+	NOTE: https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d
+	NOTE: https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e
+	NOTE: https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e
 CVE-2017-3599 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	- mysql-5.7 5.7.18-1 (bug #860547)
 	- mysql-5.5 <not-affected> (ONly affects MySQL 5.6 and 5.7)
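
Review bot: The removed NOTE was the only line in this entry that explained its relation to CVE-2016-5483, and the added blog URL still carries cve-2016-5483 in its path, so a reader of this entry alone now sees a reference to a different ID with no explanation. Consider keeping one line above the blog link, for example `NOTE: CVE-2016-5483 was REJECTED as a duplicate of this CVE`.
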
@@ -37743,18 +37748,6 @@
 	REJECTED
 CVE-2016-5483
 	REJECTED
-	{DSA-3834-1 DLA-916-1}
-	- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
-	- mariadb-10.0 10.0.28-1
-	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
-	- mysql-5.7 5.7.18-1
-	- mysql-5.5 <removed>
-	NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
-	NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
-	NOTE: Per MariaDB Security fixed with the following three commits:
-	NOTE: https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d
-	NOTE: https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e
-	NOTE: https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e
 CVE-2016-5482 (Unspecified vulnerability in the Oracle Commerce Guided Search ...)
 	NOT-FOR-US: Oracle
 CVE-2016-5481 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)
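
Review bot: The deleted block includes `- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)` and `- mariadb-10.0 10.0.28-1`, but the first hunk adds only NOTE lines and its context starts at the `[jessie] - mariadb-10.0` line, so this diff does not show that the surviving entry already carries both statuses. Please confirm they are present there before dropping them here; the same applies to the `{DSA-3834-1 DLA-916-1}` cross-reference removed from this entry.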

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-05-23 04:21:24 UTC (rev 51857)
+++ data/DLA/list	2017-05-23 04:35:09 UTC (rev 51858)
@@ -100,7 +100,7 @@
 	{CVE-2015-8270 CVE-2015-8271 CVE-2015-8272}
 	[wheezy] - rtmpdump 2.4+20111222.git4e06e21-1+deb7u1
 [25 Apr 2017] DLA-916-1 mysql-5.5 - security update
-	{CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600}
+	{CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600}
 	[wheezy] - mysql-5.5 5.5.55-0+deb7u1
 [25 Apr 2017] DLA-915-1 botan1.10 - security update
 	{CVE-2017-2801}
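
Review bot: Dropping CVE-2016-5483 from the `{...}` list of DLA-916-1 leaves nothing in this file to show that the entry dated 25 Apr 2017 listed that ID until this revision, so a lookup of the rejected ID will no longer lead to this update. CVE-2017-3600 stays in the list, so the mapping to the surviving ID is intact, but the replacement is recorded only in the commit log; if the list format allows it, a short note under the entry naming the rejected ID would keep it searchable.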

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2017-05-23 04:21:24 UTC (rev 51857)
+++ data/DSA/list	2017-05-23 04:35:09 UTC (rev 51858)
@@ -77,7 +77,7 @@
 	{CVE-2016-9013 CVE-2016-9014 CVE-2017-7233 CVE-2017-7234}
 	[jessie] - python-django 1.7.11-1+deb8u2
 [25 Apr 2017] DSA-3834-1 mysql-5.5 - security update
-	{CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600}
+	{CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600}
 	[jessie] - mysql-5.5 5.5.55-0+deb8u1
 [24 Apr 2017] DSA-3833-1 libav - security update
 	{CVE-2016-9821 CVE-2016-9822}



