[Git][security-tracker-team/security-tracker][master] disassociate three old bogus CVEs from src:openvpn

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Dec 7 22:13:59 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c32c2e04 by Moritz Muehlenhoff at 2025-12-07T23:12:34+01:00
disassociate three old bogus CVEs from src:openvpn

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -601230,7 +601230,6 @@ CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of inte
 	- zsh 5.0.7-3
 	NOTE: https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
 CVE-2018-7544 (A cross-protocol scripting issue was discovered in the management inte ...)
-	- openvpn <unfixed> (unimportant)
 	NOTE: Not a security issue per se, later versions might explicitly warn in
 	NOTE: affected problematic configurations in both the documentation and with
 	NOTE: a runtime warning.
@@ -684686,7 +684685,6 @@ CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1
 CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL authent ...)
 	NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for remote  ...)
-	- openvpn <unfixed> (unimportant)
 	NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
 	NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
 CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...)
@@ -878825,7 +878823,6 @@ CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in x
 	{DSA-1093-1}
 	- xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
 CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...)
-	- openvpn <unfixed> (unimportant)
 	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
 	NOTE: in order to be vulnerable. The man page recommends not to do it.
 CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c32c2e049df1680b416819d0cd78064dfe54f756

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c32c2e049df1680b416819d0cd78064dfe54f756
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251207/a55b1cf8/attachment.htm>

More information about the debian-security-tracker-commits mailing list