Author: jmm Date: 2016-09-19 21:40:36 +0000 (Mon, 19 Sep 2016) New Revision: 44745
Modified: data/CVE/list Log: bash unimportant mutt unimportant Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-19 21:34:07 UTC (rev 44744) +++ data/CVE/list 2016-09-19 21:40:36 UTC (rev 44745) @@ -25016,12 +25016,13 @@ NOT-FOR-US: Oracle CVE-2016-0634 [bash prompt expanding return value from gethostname()] RESERVED - - bash 4.4-1 - [jessie] - bash <no-dsa> (Minor issue) - [wheezy] - bash <no-dsa> (Minor issue) + - bash 4.4-1 (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8 NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025 NOTE: Fixed bin Bash upstream bash-4.4 + NOTE: This doesn't cross any reasonable security boundaries, an attacker with the + NOTE: ability to modify the hostname in an arbitrary manner is in the position to + NOTE: exploit various other system components anyway CVE-2016-0633 RESERVED CVE-2016-0632 @@ -49460,11 +49461,9 @@ CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...) NOT-FOR-US: Hancom Office 2010 SE CVE-2015-XXXX [smime_keys: insecure use of /tmp] - - mutt 1.5.24-1 (low; bug #775199) - [jessie] - mutt <no-dsa> (Minor issue) - [wheezy] - mutt <no-dsa> (Minor issue) - [squeeze] - mutt <no-dsa> (Minor issue) + - mutt 1.5.24-1 (unimportant; bug #775199) NOTE: http://dev.mutt.org/hg/mutt/rev/babc30377614 + NOTE: Rendered non-exploitable by Linux hardening since wheezy CVE-2015-XXXX [djvudigital: insecure use of /tmp] - djvulibre 3.5.27.1-3 (bug #775193) [jessie] - djvulibre <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits