[Git][security-tracker-team/security-tracker][master] disassociate three old bogus CVEs from src:openvpn

Sun, 07 Dec 2025 14:14:13 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c32c2e04 by Moritz Muehlenhoff at 2025-12-07T23:12:34+01:00
disassociate three old bogus CVEs from src:openvpn

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -601230,7 +601230,6 @@ CVE-2014-10070 (zsh before 5.0.7 allows evaluation of 
the initial values of inte
        - zsh 5.0.7-3
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
 CVE-2018-7544 (A cross-protocol scripting issue was discovered in the 
management inte ...)
-       - openvpn <unfixed> (unimportant)
        NOTE: Not a security issue per se, later versions might explicitly warn 
in
        NOTE: affected problematic configurations in both the documentation and 
with
        NOTE: a runtime warning.
@@ -684686,7 +684685,6 @@ CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 
1.26.x before 1.26.4, and 1
 CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL 
authent ...)
        NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for 
remote  ...)
-       - openvpn <unfixed> (unimportant)
        NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
        NOTE: This is a generic cryptographic weakness, not a vulnerability in 
OpenVPN per se
 CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when 
parsing ...)
@@ -878825,7 +878823,6 @@ CVE-2006-2230 (Multiple format string vulnerabilities 
in xiTK (xitk/main.c) in x
        {DSA-1093-1}
        - xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
 CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the 
--management opt ...)
-       - openvpn <unfixed> (unimportant)
        NOTE: One needs to explicitly set the IP to something else than 
127.0.0.1
        NOTE: in order to be vulnerable. The man page recommends not to do it.
 CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka 
Web-Agora) 4. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c32c2e049df1680b416819d0cd78064dfe54f756

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c32c2e049df1680b416819d0cd78064dfe54f756
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to