Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8fb67333 by Thorsten Alteholz at 2018-07-11T14:54:50+02:00 modify status of CVE-2016-5405 and CVE-2017-15135 for Jessie - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -43884,7 +43884,7 @@ CVE-2017-15136 (When registering and activating a new system with Red Hat Satell NOT-FOR-US: Red Hat Satellite 6 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...) - 389-ds-base 1.3.7.9-1 (bug #888451) - [jessie] - 389-ds-base <no-dsa> (vulnerable code (patch for CVE-2016-5405) not yet applied) + [jessie] - 389-ds-base <not-affected> (vulnerable code (patch for CVE-2016-5405) not applied) CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...) - 389-ds-base 1.3.7.9-1 (bug #888452) NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9 @@ -101996,6 +101996,7 @@ CVE-2016-5405 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 throug NOTE: This affects systems storing passwords in plain text. NOTE: Systems using unsalted hashes might be unsafe as well if using weak NOTE: hash algorithms, however the attack would be very time-consuming. + NOTE: the patch for this CVE causes CVE-2017-15135 CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the "revoke ...) - freeipa 4.3.2-5 (bug #835131) NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fb67333558c7f0366eb9f6e0dd2882babd98577 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fb67333558c7f0366eb9f6e0dd2882babd98577 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits