[Git][security-tracker-team/security-tracker][master] modify status of CVE-2016-5405 and CVE-2017-15135 for Jessie

Wed, 11 Jul 2018 05:58:44 -0700 

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8fb67333 by Thorsten Alteholz at 2018-07-11T14:54:50+02:00
modify status of CVE-2016-5405 and CVE-2017-15135 for Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43884,7 +43884,7 @@ CVE-2017-15136 (When registering and activating a new 
system with Red Hat Satell
        NOT-FOR-US: Red Hat Satellite 6
 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and 
including ...)
        - 389-ds-base 1.3.7.9-1 (bug #888451)
-       [jessie] - 389-ds-base <no-dsa> (vulnerable code (patch for 
CVE-2016-5405) not yet applied)
+       [jessie] - 389-ds-base <not-affected> (vulnerable code (patch for 
CVE-2016-5405) not applied)
 CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 
1.3.6.x ...)
        - 389-ds-base 1.3.7.9-1 (bug #888452)
        NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
@@ -101996,6 +101996,7 @@ CVE-2016-5405 (389 Directory Server in Red Hat 
Enterprise Linux Desktop 6 throug
        NOTE: This affects systems storing passwords in plain text.
        NOTE: Systems using unsalted hashes might be unsafe as well if using 
weak
        NOTE: hash algorithms, however the attack would be very time-consuming.
+       NOTE: the patch for this CVE causes CVE-2017-15135
 CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the 
&quot;revoke ...)
        - freeipa 4.3.2-5 (bug #835131)
        NOTE: 
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
 (master)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fb67333558c7f0366eb9f6e0dd2882babd98577

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fb67333558c7f0366eb9f6e0dd2882babd98577
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to