[Secure-testing-commits] r58149 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Nov 30 18:06:04 UTC 2017 

Author: carnil
Date: 2017-11-30 18:06:04 +0000 (Thu, 30 Nov 2017)
New Revision: 58149

Modified:
   data/CVE/list
Log:
Update older Qpid Java Broker NFUs to now track itp'ed bug #840131

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-30 17:55:14 UTC (rev 58148)
+++ data/CVE/list	2017-11-30 18:06:04 UTC (rev 58149)
@@ -53407,7 +53407,7 @@
 CVE-2016-8742
 	RESERVED
 CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...)
-	NOT-FOR-US: Apache Qpid Java Broker
+	- qpid-java <itp> (bug #840131)
 CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...)
 	- apache2 2.4.25-1 (bug #847124)
 	[jessie] - apache2 <not-affected> (Vulnerable code not present)
@@ -66513,7 +66513,7 @@
 CVE-2016-4975
 	RESERVED
 CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...)
-	NOT-FOR-US: Apache Qpid Java Broker
+	- qpid-java <itp> (bug #840131)
 CVE-2016-4973 (Binaries compiled against targets that use the libssp library in GCC ...)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759
 	- gcc-6 <not-affected> (Uses glibc-internal SSP)
@@ -68258,7 +68258,7 @@
 	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
 	NOTE: https://struts.apache.org/docs/s2-039.html
 CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid ...)
-	NOT-FOR-US: Apache Qpid Java Broker
+	- qpid-java <itp> (bug #840131)
 CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...)
 	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
 	NOTE: https://struts.apache.org/docs/s2-040.html
@@ -71836,7 +71836,7 @@
 CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...)
-	NOT-FOR-US: Apache Qpid Java Broker
+	- qpid-java <itp> (bug #840131)
 CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method ...)
 	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
 	NOTE: https://struts.apache.org/docs/s2-034.html

More information about the Secure-testing-commits mailing list