[Secure-testing-commits] r57580 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Nov 12 20:01:35 UTC 2017


Author: carnil
Date: 2017-11-12 20:01:35 +0000 (Sun, 12 Nov 2017)
New Revision: 57580

Modified:
   data/CVE/list
Log:
openvswitch version uploaded to unstable

Although not needed since we basically only track the fix via unstable
decided to keep the experimental entry with the exact version which
fixed the respective CVE still recorded.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-12 18:52:44 UTC (rev 57579)
+++ data/CVE/list	2017-11-12 20:01:35 UTC (rev 57580)
@@ -4929,7 +4929,7 @@
 	NOT-FOR-US: InFocus Mondopad
 CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are ...)
 	[experimental] - openvswitch 2.8.1+dfsg1-1
-	- openvswitch <unfixed> (unimportant; bug #877543)
+	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #877543)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
 	NOTE: Not considered a security issue by upstream, see #877543
@@ -21594,21 +21594,21 @@
 	RESERVED
 CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...)
 	[experimental] - openvswitch 2.8.1+dfsg1-1
-	- openvswitch <unfixed> (unimportant; bug #863662)
+	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863662)
 	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
 	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
 	NOTE: OpenFlow 1.5 support still incomplete
 CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...)
 	[experimental] - openvswitch 2.8.1+dfsg1-1
-	- openvswitch <unfixed> (unimportant; bug #863661)
+	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863661)
 	[jessie] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
 	[wheezy] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
 	NOTE: Userspace data path not enabled in Debian packaging
 CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...)
 	[experimental] - openvswitch 2.8.1+dfsg1-1
-	- openvswitch <unfixed> (unimportant; bug #863655)
+	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863655)
 	[jessie] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
 	[wheezy] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
@@ -21830,7 +21830,7 @@
 	RESERVED
 CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...)
 	[experimental] - openvswitch 2.8.1+dfsg1-1
-	- openvswitch <unfixed> (bug #863228)
+	- openvswitch 2.8.1+dfsg1-2 (bug #863228)
 	[stretch] - openvswitch <no-dsa> (Minor issue)
 	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
 	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)




More information about the Secure-testing-commits mailing list