[Git][security-tracker-team/security-tracker][master] Remove explicit unfixed marking for stretch for wpa issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de6402f8 by Salvatore Bonaccorso at 2019-04-10T19:06:10Z
Remove explicit unfixed marking for stretch for wpa issues

Unfixed status goes down to the lower suites automatically.

While at it, since some code is not enabled in stretch (but apparently
in unstable), instead of using unimportant, go for ignored, as the
unimportant status would affect the whole CVE entry.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4499,31 +4499,25 @@ CVE-2019-9501
 CVE-2019-9500
 	RESERVED
 CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element]
-	- wpa <unfixed> (bug #926801)
-	[stretch] - wpa <unfixed>
 	RESERVED
-CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element]
 	- wpa <unfixed> (bug #926801)
-	[stretch] - wpa <unfixed>
+CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element]
 	RESERVED
-CVE-2019-9497 [EAP-pwd server not checking for reflection attack]
 	- wpa <unfixed> (bug #926801)
-	[stretch] - wpa <unfixed>
+CVE-2019-9497 [EAP-pwd server not checking for reflection attack]
 	RESERVED
+	- wpa <unfixed> (bug #926801)
 CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
 	RESERVED
 	- wpa <unfixed> (bug #926801)
-	[stretch] - wpa <unfixed> (unimportant)
- NOTE: SAE code not enabled in stretch
+	[stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
 CVE-2019-9495 [cache attack against EAP-pwd]
-	- wpa <unfixed> (bug #926801)
-	[stretch] - wpa <unfixed>
 	RESERVED
-CVE-2019-9494 [cache attack against SAE]
 	- wpa <unfixed> (bug #926801)
-	[stretch] - wpa <unfixed> (unimportant)
- NOTE: SAE code not enabled in stretch
+CVE-2019-9494 [cache attack against SAE]
 	RESERVED
+	- wpa <unfixed> (bug #926801)
+	[stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
 CVE-2019-9493
 	RESERVED
 CVE-2019-9492



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6402f83bca22b2804daf8e096bca54b52fba04

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de6402f83bca22b2804daf8e096bca54b52fba04
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190410/09f25041/attachment.html>