Author: carnil
Date: 2015-11-18 05:23:12 +0000 (Wed, 18 Nov 2015)
New Revision: 37747
Modified:
data/CVE/list
Log:
Split up entry for jenkins and libcommons-collections*
According to MITRE CVE-2015-8103 assigned to jenkins, but no CVE will be
assigned to libcommons-collections*
Note for reviewers: please double check this split is correct and
interpretation of the oss-security thread correct.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-18 05:11:32 UTC (rev 37746)
+++ data/CVE/list 2015-11-18 05:23:12 UTC (rev 37747)
@@ -282,8 +282,6 @@
[wheezy] - mplayer <no-dsa> (Minor issue)
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/11/10/8
NOTE: Possibly doesn't affect squeeze. Valgrind doesn't report the read
out-of-bounds.
-CVE-2015-8103
- RESERVED
CVE-2015-8102
RESERVED
CVE-2015-8101
@@ -336,8 +334,10 @@
TODO: check
CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal
might ...)
TODO: check
+CVE-2015-8103
+ - jenkins <unfixed> (bug #804522)
+ NOTE:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-XXXX [java unserialisation issues]
- - jenkins <unfixed> (bug #804522)
- libcommons-collections3-java 3.2.2-1
- libcommons-collections4-java <unfixed>
CVE-2015-8079
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
