Author: apo
Date: 2016-09-17 12:07:41 +0000 (Sat, 17 Sep 2016)
New Revision: 44676

Modified:
   data/CVE/list
Log:
bash: CVE-2016-0634: Mark as no-dsa because /etc/hosts and /etc/hostname are

controlled by root.

icu: CVE-2016-7415: Disputed if this is a bug in icu. Mainly an issue in PHP.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-17 11:15:13 UTC (rev 44675)
+++ data/CVE/list       2016-09-17 12:07:41 UTC (rev 44676)
@@ -2264,6 +2264,7 @@
        NOTE: Related code in 
http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
        NOTE: PHP fix: 
https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
+       NOTE: Unclear how this should be fixed for icu, if at all. Issue is 
mainly in PHP.
 CVE-2016-7414 [Out of bound when verify signature of zip phar in 
phar_parse_zipfile]
        RESERVED
        - php7.0 <unfixed>
@@ -24852,6 +24853,7 @@
        RESERVED
        - bash <unfixed>
        [jessie] - bash <no-dsa> (Minor issue)
+       [wheezy] - bash <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
        NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
        NOTE: Fixed bin Bash upstream bash-4.4


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to