[Secure-testing-commits] r40443 - data/CVE

Sat, 19 Mar 2016 02:13:28 -0700 

Author: jmm
Date: 2016-03-17 17:59:03 +0000 (Thu, 17 Mar 2016)
New Revision: 40443

Modified:
   data/CVE/list
Log:
ntp no-dsa
another proftpd no-dsa
rawtherapee no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-03-17 16:47:07 UTC (rev 40442)
+++ data/CVE/list       2016-03-17 17:59:03 UTC (rev 40443)
@@ -723,8 +723,8 @@
 CVE-2016-3125 [TLSDHParamFile directive ignored]
        RESERVED
        - proftpd-dfsg <unfixed> (bug #818492)
-       [jessie] - proftpd-dfsg <no-dsa> (Minor issue; can fixed in point 
release)
-       [wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can fixed in point 
release)
+       [jessie] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point 
release)
+       [wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point 
release)
        NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
        NOTE: Fixed in 1.3.6rc2, 1.3.5b.
 CVE-2016-3064
@@ -10588,6 +10588,8 @@
        NOTE: 
http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
 CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
        - proftpd-dfsg <unfixed>
+       [jessie] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point 
release)
+       [wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point 
release)
        [squeeze] - proftpd-dfsg <not-affected> (Vulnerable code not present)
        NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
        NOTE: https://github.com/proftpd/proftpd/pull/171
@@ -10666,6 +10668,7 @@
        [wheezy] - ufraw <not-affected> (Vulnerable code not present)
        [squeeze] - ufraw <not-affected> (Vulnerable code not present)
        - rawtherapee <unfixed>
+       [jessie] - rawtherapee <no-dsa> (Minor issue)
        [wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
        [squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
        - exactimage 0.9.1-13
@@ -11853,6 +11856,8 @@
 CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated 
broadcast mode]
        RESERVED
        - ntp <unfixed>
+       [jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future 
update)
+       [wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future 
update)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
        NOTE: 
https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to