[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2016-9318 as ignored for stretch and jessie

Salvatore Bonaccorso carnil at debian.org
Tue Jan 2 16:44:47 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a556f03 by Salvatore Bonaccorso at 2018-01-02T17:44:09+01:00
Mark CVE-2016-9318 as ignored for stretch and jessie

Document new attempt from upstream bug

https://bugzilla.gnome.org/show_bug.cgi?id=772726

to fix the issue via

https://git.gnome.org/browse/libxml2/commit/?id=ad88b54f1a28a8565964a370b5d387927b633c0d

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -61175,14 +61175,15 @@ CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro ..
 	NOT-FOR-US: Trend Micro
 CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ...)
 	- libxml2 <unfixed> (bug #844581)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
-	[jessie] - libxml2 <no-dsa> (Minor issue)
+	[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
+	[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)
 	[wheezy] - libxml2 <no-dsa> (Minor issue)
 	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
 	NOTE: The patch introduces a new option that can be specified if this
 	NOTE: behaviour is wanted. Not enforced by default.
 	NOTE: The option though was reverted in https://git.gnome.org/browse/libxml2/commit/?id=030b1f7a27c22f9237eddca49ec5e620b6258d7d
+	NOTE: New proposed/commited fix: https://git.gnome.org/browse/libxml2/commit/?id=ad88b54f1a28a8565964a370b5d387927b633c0d
 CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) ...)
 	{DSA-3777-1 DLA-804-1}
 	- libgd2 2.2.4-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a556f03e9764f1b896f381c4bfe1425291b11d5

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a556f03e9764f1b896f381c4bfe1425291b11d5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180102/5201781e/attachment.html>

More information about the Secure-testing-commits mailing list