Author: hertzog
Date: 2017-05-12 10:06:46 +0000 (Fri, 12 May 2017)
New Revision: 51574
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2017-6463 and CVE-2017-6464 as no-dsa on wheezy too
And thus drop the package from dla-needed.txt. Both issues affect
only authenticated users.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-12 10:06:35 UTC (rev 51573)
+++ data/CVE/list 2017-05-12 10:06:46 UTC (rev 51574)
@@ -6710,11 +6710,13 @@
CVE-2017-6464 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote
attackers to ...)
- ntp 1:4.2.8p10+dfsg-1 (low)
[jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3389
NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6463 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote ...)
- ntp 1:4.2.8p10+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3387
NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6462 (Buffer overflow in the legacy Datum Programmable Time Server
(DPTS) ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-05-12 10:06:35 UTC (rev 51573)
+++ data/dla-needed.txt 2017-05-12 10:06:46 UTC (rev 51574)
@@ -84,9 +84,6 @@
--
nss
--
-ntp
- NOTE: The maintainer will handle this security update.
---
openjdk-7 (Emilio Pozuelo)
--
openvpn
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
