[Secure-testing-commits] r56977 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Oct 26 09:46:47 UTC 2017
Author: jmm
Date: 2017-10-26 09:46:47 +0000 (Thu, 26 Oct 2017)
New Revision: 56977
Modified:
data/CVE/list
Log:
openvswitch fixed in experimental
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-26 09:45:04 UTC (rev 56976)
+++ data/CVE/list 2017-10-26 09:46:47 UTC (rev 56977)
@@ -2356,6 +2356,7 @@
NOT-FOR-US: InFocus Mondopad
CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are ...)
- openvswitch <unfixed> (unimportant; bug #877543)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
NOTE: Not considered a security issue by upstream, see #877543
@@ -18795,18 +18796,21 @@
RESERVED
CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...)
- openvswitch <unfixed> (unimportant; bug #863662)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
[jessie] - openvswitch <not-affected> (Vulnerable code not present)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
NOTE: OpenFlow 1.5 support still incomplete
CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...)
- openvswitch <unfixed> (unimportant; bug #863661)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
[jessie] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
NOTE: Userspace data path not enabled in Debian packaging
CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...)
- openvswitch <unfixed> (unimportant; bug #863655)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
[jessie] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
[wheezy] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
@@ -19028,6 +19032,7 @@
RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...)
- openvswitch <unfixed> (bug #863228)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
[stretch] - openvswitch <no-dsa> (Minor issue)
[jessie] - openvswitch <not-affected> (Vulnerable code not present)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list