[Secure-testing-commits] r57580 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 12 20:01:35 UTC 2017
Author: carnil
Date: 2017-11-12 20:01:35 +0000 (Sun, 12 Nov 2017)
New Revision: 57580
Modified:
data/CVE/list
Log:
openvswitch version uploaded to unstable
Although not needed since we basically only track the fix via unstable
decided to keep the experimental entry with the exact version which
fixed the respective CVE still recorded.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-12 18:52:44 UTC (rev 57579)
+++ data/CVE/list 2017-11-12 20:01:35 UTC (rev 57580)
@@ -4929,7 +4929,7 @@
NOT-FOR-US: InFocus Mondopad
CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are ...)
[experimental] - openvswitch 2.8.1+dfsg1-1
- - openvswitch <unfixed> (unimportant; bug #877543)
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #877543)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
NOTE: Not considered a security issue by upstream, see #877543
@@ -21594,21 +21594,21 @@
RESERVED
CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...)
[experimental] - openvswitch 2.8.1+dfsg1-1
- - openvswitch <unfixed> (unimportant; bug #863662)
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863662)
[jessie] - openvswitch <not-affected> (Vulnerable code not present)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
NOTE: OpenFlow 1.5 support still incomplete
CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...)
[experimental] - openvswitch 2.8.1+dfsg1-1
- - openvswitch <unfixed> (unimportant; bug #863661)
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863661)
[jessie] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
NOTE: Userspace data path not enabled in Debian packaging
CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...)
[experimental] - openvswitch 2.8.1+dfsg1-1
- - openvswitch <unfixed> (unimportant; bug #863655)
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863655)
[jessie] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
[wheezy] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
@@ -21830,7 +21830,7 @@
RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...)
[experimental] - openvswitch 2.8.1+dfsg1-1
- - openvswitch <unfixed> (bug #863228)
+ - openvswitch 2.8.1+dfsg1-2 (bug #863228)
[stretch] - openvswitch <no-dsa> (Minor issue)
[jessie] - openvswitch <not-affected> (Vulnerable code not present)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list