[Secure-testing-commits] r52133 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue May 30 21:19:50 UTC 2017
Author: jmm
Date: 2017-05-30 21:19:50 +0000 (Tue, 30 May 2017)
New Revision: 52133
Modified:
data/CVE/list
Log:
various no-dsa for stretch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-30 21:10:14 UTC (rev 52132)
+++ data/CVE/list 2017-05-30 21:19:50 UTC (rev 52133)
@@ -6595,6 +6595,7 @@
CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...)
{DLA-908-1}
- chicken <unfixed> (bug #858057)
+ [stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html
CVE-2017-6948
@@ -10970,12 +10971,14 @@
CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ...)
{DLA-796-1}
- hesiod <unfixed> (low; bug #852093)
+ [stretch] - hesiod <no-dsa> (Minor issue)
[jessie] - hesiod <no-dsa> (Minor issue)
NOTE: https://github.com/achernya/hesiod/pull/10
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID ...)
{DLA-796-1}
- hesiod <unfixed> (low; bug #852094)
+ [stretch] - hesiod <no-dsa> (Minor issue)
[jessie] - hesiod <no-dsa> (Minor issue)
NOTE: https://github.com/achernya/hesiod/pull/9
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
@@ -15789,6 +15792,7 @@
NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular ...)
- chicken <unfixed> (low; bug #851278)
+ [stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
@@ -33635,11 +33639,13 @@
CVE-2016-6831 (The "process-execute" and "process-spawn" procedures did not free ...)
{DLA-643-1}
- chicken <unfixed> (bug #834845)
+ [stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 (The "process-execute" and "process-spawn" procedures in CHICKEN Scheme ...)
{DLA-643-1}
- chicken <unfixed> (bug #834845)
+ [stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
NOTE: https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
@@ -51472,6 +51478,7 @@
NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in ...)
- guacamole-client <unfixed> (bug #859136)
+ [stretch] - guacamole-client <no-dsa> (Minor issue)
[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
- guacamole <not-affected> (Vulnerable code not present)
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module ...)
@@ -54671,6 +54678,7 @@
CVE-2015-8559 [knife bootstrap leaks validator privkey into system logs]
RESERVED
- chef <unfixed> (bug #809670)
+ [stretch] - chef <no-dsa> (Minor issue; workaround using validatorless bootstrapping)
[jessie] - chef <no-dsa> (Minor issue; workaround using validatorless bootstrapping)
[wheezy] - chef <no-dsa> (Minor issue; workaround using validatorless bootstrapping)
NOTE: https://github.com/chef/chef/issues/3871
@@ -86273,6 +86281,7 @@
CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, ...)
[experimental] - librsync 1.0.0-1~exp1
- librsync <unfixed> (low; bug #776246)
+ [stretch] - librsync <no-dsa> (Minor issue, too instrusive to backport)
[jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport)
[wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport)
[squeeze] - librsync <no-dsa> (Minor issue, too instrusive to backport)
More information about the Secure-testing-commits
mailing list