[Secure-testing-commits] r56284 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Sep 30 15:33:39 UTC 2017


Author: jmm
Date: 2017-09-30 15:33:39 +0000 (Sat, 30 Sep 2017)
New Revision: 56284

Modified:
   data/CVE/list
Log:
libhtp fixed
older bind issue unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-30 15:30:45 UTC (rev 56283)
+++ data/CVE/list	2017-09-30 15:33:39 UTC (rev 56284)
@@ -53736,12 +53736,11 @@
 	NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
 	NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
 CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x ...)
-	- bind9 <unfixed> (bug #830810)
-	[stretch] - bind9 <no-dsa> (Minor issue)
-	[jessie] - bind9 <no-dsa> (Minor issue)
-	[wheezy] - bind9 <no-dsa> (Minor issue)
+	- bind9 <unfixed> (unimportant; bug #830810)
+	NOTE: Not fixed upstream, proposed patches below are unofficial:
 	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
 	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
+	NOTE: Negligable security impact
 CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in ...)
 	- librsvg 2.40.9-2
 	[jessie] - librsvg <no-dsa> (Minor issue)
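Review bot: In the CVE-2016-6170 entry, the two retained "NOTE: Fixed by" lines now sit directly under the new "Not fixed upstream, proposed patches below are unofficial" note, so the entry reads as both not fixed and fixed. Rewording them to something like "NOTE: Unofficial patch: <url>" would keep the entry consistent. The added "NOTE: Negligable security impact" misspells "Negligible" and gives no reason for the downgrade to unimportant; a short rationale in that NOTE would help anyone re-triaging the issue later.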
@@ -92464,7 +92463,7 @@
 	[squeeze] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/inliniac/suricata/commit/89017d0b03bf715a3f4e11b612c6c7a23549304a
 CVE-2015-XXXX [http uri parsing issue]
-	- libhtp <removed> (bug #783007)
+	- libhtp 1:0.5.25-1 (bug #783007)
 	[squeeze] - libhtp <no-dsa> (Minor issue)
 	NOTE: if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005)
 	[wheezy] - libhtp <no-dsa> (Unusable in wheezy, planned for removal)
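Review bot: The unchanged NOTE in the "http uri parsing issue" entry still reads "if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata", while the changed line now records 1:0.5.25-1 as the fixed version, so that NOTE describes a situation the entry has moved past. It should be dropped or updated in the same commit so the entry does not carry a stale conditional next to a concrete fixed version.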
@@ -94312,7 +94311,7 @@
 	[squeeze] - lame <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
 CVE-2015-XXXX [denial of service under memory stress]
-	- libhtp <removed> (bug #777522)
+	- libhtp 1:0.5.25-1 (bug #777522)
 	[squeeze] - libhtp <no-dsa> (Minor issue)
 	[wheezy] - libhtp <no-dsa> (Minor issue)
 	NOTE: https://github.com/inliniac/libhtp/commit/c7c03843cd6b1cbf44eb435d160ba53aec948828
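Review bot: The change from <removed> to 1:0.5.25-1 on the bug #777522 entry leaves no record of why that version is the fixed one. The only reference is the upstream commit in the trailing NOTE, and nothing states which upstream release first contains it. Since the same version is used for all three libhtp entries in this commit, a NOTE naming the first upstream release with that commit would let a reader confirm that 1:0.5.25-1 actually includes the fix.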
@@ -98153,7 +98152,7 @@
 CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- serendipity <removed>
 CVE-2014-XXXX [denial of service with specific packets]
-	- libhtp <removed> (bug #774897)
+	- libhtp 1:0.5.25-1 (bug #774897)
 	[wheezy] - libhtp <no-dsa> (Minor issue)
 	[squeeze] - libhtp <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/1272
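Review bot: For the bug #774897 entry, the new fixed version 1:0.5.25-1 is backed only by the link to upstream issue 1272, with no fixing commit or upstream version recorded. Adding a NOTE with the fixing commit or the first fixed upstream release would make the version claim verifiable from the entry itself.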
