Author: carnil
Date: 2016-03-20 12:44:46 +0000 (Sun, 20 Mar 2016)
New Revision: 40476
Modified:
data/CVE/list
Log:
Mark CVE-2016-2570/squid3 as no-dsa for jessie and wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-20 12:29:12 UTC (rev 40475)
+++ data/CVE/list 2016-03-20 12:44:46 UTC (rev 40476)
@@ -2523,6 +2523,8 @@
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15
and 4.x ...)
- squid3 3.5.15-1 (bug #816011)
+ [jessie] - squid3 <no-dsa> (Minor issue, needs ubstantial backporting;
too intrusive to backport)
+ [wheezy] - squid3 <no-dsa> (Minor issue, needs ubstantial backporting;
too intrusive to backport)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
