[Secure-testing-commits] r56995 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Oct 26 16:43:58 UTC 2017
Author: hertzog
Date: 2017-10-26 16:43:58 +0000 (Thu, 26 Oct 2017)
New Revision: 56995
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Demote CVE-2017-1000047 on wheezy to no-dsa like the security team did
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-26 16:43:48 UTC (rev 56994)
+++ data/CVE/list 2017-10-26 16:43:58 UTC (rev 56995)
@@ -13336,7 +13336,9 @@
- rbenv <unfixed> (bug #869702)
[stretch] - rbenv <no-dsa> (Minor issue)
[jessie] - rbenv <no-dsa> (Minor issue)
+ [wheezy] - rbenv <no-dsa> (Minor issue)
NOTE: https://github.com/rbenv/rbenv/issues/977
+ NOTE: .ruby-version is .rbenv-version in wheezy
CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
NOT-FOR-US: Mautic
CVE-2017-1000045 (Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-10-26 16:43:48 UTC (rev 56994)
+++ data/dla-needed.txt 2017-10-26 16:43:58 UTC (rev 56995)
@@ -96,10 +96,6 @@
qemu-kvm
NOTE: 20171012 Can wait for more issues to pile up
--
-rbenv
- NOTE: .ruby-version is .rbenv-version in wheezy
- NOTE: 20170802: No upstream patch (lamby)
---
redis (Chris Lamb)
NOTE: 20171009: Waiting for upstream to bless patch. (lamby)
NOTE: 20171016: Waiting for upstream to bless patch. (lamby)
More information about the Secure-testing-commits
mailing list