Author: jmm
Date: 2016-10-18 09:07:07 +0000 (Tue, 18 Oct 2016)
New Revision: 45414

Modified:
   data/CVE/list
Log:
new tor issue
bundler no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-10-18 08:13:20 UTC (rev 45413)
+++ data/CVE/list       2016-10-18 09:07:07 UTC (rev 45414)
@@ -1,3 +1,8 @@
+CVE-2016-XXXX [tor DoS]
+       - tor 0.2.8.9-1
+       NOTE: https://trac.torproject.org/projects/tor/ticket/20384
+       NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
+       NOTE: 
https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
 CVE-2016-8673
        RESERVED
 CVE-2016-8672
@@ -2536,7 +2541,8 @@
        RESERVED
 CVE-2016-7954 [code execution via gem name collission in bundler]
        RESERVED
-       - bundler <unfixed>
+       - bundler <unfixed> 
+       [jessie] - bundler <no-dsa> (Minor issue, too intrusive to backport)
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
        NOTE: There is no plan (yet) from upstream to address this for bundler 
1.x
        NOTE: due to lockfile format.
@@ -37742,6 +37748,7 @@
        [wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 
2015.1.1)
 CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 
8.1.1; ...)
        - cinder <unfixed>
+       [jessie] - cinder <no-dsa> (Minor issue)
        - glance <unfixed> (low)
        [jessie] - glance <no-dsa> (Minor issue)
        [wheezy] - glance <end-of-life> (not supported in Wheezy)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to