[Git][security-tracker-team/security-tracker][master] modify status of CVE-2016-5405 and CVE-2017-15135 for Jessie

Thorsten Alteholz alteholz at debian.org
Wed Jul 11 13:58:21 BST 2018 

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fb67333 by Thorsten Alteholz at 2018-07-11T14:54:50+02:00
modify status of CVE-2016-5405 and CVE-2017-15135 for Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43884,7 +43884,7 @@ CVE-2017-15136 (When registering and activating a new system with Red Hat Satell
 	NOT-FOR-US: Red Hat Satellite 6
 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...)
 	- 389-ds-base 1.3.7.9-1 (bug #888451)
-	[jessie] - 389-ds-base <no-dsa> (vulnerable code (patch for CVE-2016-5405) not yet applied)
+	[jessie] - 389-ds-base <not-affected> (vulnerable code (patch for CVE-2016-5405) not applied)
 CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...)
 	- 389-ds-base 1.3.7.9-1 (bug #888452)
 	NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
@@ -101996,6 +101996,7 @@ CVE-2016-5405 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 throug
 	NOTE: This affects systems storing passwords in plain text.
 	NOTE: Systems using unsalted hashes might be unsafe as well if using weak
 	NOTE: hash algorithms, however the attack would be very time-consuming.
+	NOTE: the patch for this CVE causes CVE-2017-15135
 CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the "revoke ...)
 	- freeipa 4.3.2-5 (bug #835131)
 	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fb67333558c7f0366eb9f6e0dd2882babd98577

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fb67333558c7f0366eb9f6e0dd2882babd98577
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180711/2697c52a/attachment.html>

More information about the debian-security-tracker-commits mailing list