[Secure-testing-commits] r55834 - data/CVE
Vagrant Cascadian
vagrant at moszumanska.debian.org
Sun Sep 17 16:08:35 UTC 2017
Author: vagrant
Date: 2017-09-17 16:08:35 +0000 (Sun, 17 Sep 2017)
New Revision: 55834
Modified:
data/CVE/list
Log:
Update notes regarding jessie+ for CVE-2017-3225 and CVE-2017-3226.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-17 15:00:34 UTC (rev 55833)
+++ data/CVE/list 2017-09-17 16:08:35 UTC (rev 55834)
@@ -33291,11 +33291,13 @@
RESERVED
- u-boot <unfixed>
[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
+ NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv in u-boot-tools supports it. Upstream has deprecated it and plans to remove it in future versions.
NOTE: https://www.kb.cert.org/vuls/id/166743
CVE-2017-3225
RESERVED
- u-boot <unfixed>
[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
+ NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv in u-boot-tools supports it. Upstream has deprecated it and plans to remove it in future versions.
NOTE: https://www.kb.cert.org/vuls/id/166743
CVE-2017-3224 [OSPF implementation improperly determines LSA recency (VU#793496)]
RESERVED
More information about the Secure-testing-commits
mailing list