Author: apo
Date: 2017-08-05 13:08:06 +0000 (Sat, 05 Aug 2017)
New Revision: 54316

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
CVE-2017-12425,varnish: Mark as not affected in Wheezy

According to upstream the code path is not exposed to clients and thus is not a
security issue in this version.




Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-05 11:29:25 UTC (rev 54315)
+++ data/CVE/list       2017-08-05 13:08:06 UTC (rev 54316)
@@ -640,6 +640,7 @@
 CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 
4.0.4, ...)
        {DSA-3924-1}
        - varnish <unfixed> (bug #870467)
+       [wheezy] - varnish <not-affected> (code path is not exposed to clients)
        NOTE: https://www.varnish-cache.org/security/VSV00001.html#vsv00001
        NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-08-05 11:29:25 UTC (rev 54315)
+++ data/dla-needed.txt 2017-08-05 13:08:06 UTC (rev 54316)
@@ -168,9 +168,6 @@
   NOTE: 20170711, Version 3.9.6-11+deb7u7 fixes CVE-2017-9936 (DLA-1023-1)
   NOTE: CVE-2017-9935 is still unresolved upstream
 --
-varnish (Markus Koschany)
-  NOTE: Asked for clarification at 
https://github.com/varnishcache/varnish-cache/issues/2379
---
 wireshark
 --
 wordpress


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to