Control: retitle -1 shotwell: CVE-2016-1000033: does not verify TLS certificates
Hi! On Sat, Sep 10, 2016 at 12:22:55AM +0200, Jörg Frings-Fürst wrote: > retitle 807110 Missing TLS validation > thanks. > > Hi, > > result for searching the CVE: > > ERROR: Couldn't find 'CVE-2016-1000033' > > Could not find a CVE entry for 'CVE-2016-1000033' > > 'CVE-2016-1000033' is valid CVE-ID syntax, but the entry does not exist. > > So I revert the changes. Yup, it is valid, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1291361 and https://bugzilla.novell.com/show_bug.cgi?id=997861 an was assigned via the DWF project. MITRE has just not yet updated the description on their end apparently. You can find more references as well via https://security-tracker.debian.org/tracker/CVE-2016-1000033 The issue can be though fixed via a point release for jessie; we marked it already a while a go as no-dsa. Does this helps? Regards, Salvatore
signature.asc
Description: PGP signature