Author: sectracker Date: 2017-05-14 21:10:11 +0000 (Sun, 14 May 2017) New Revision: 51625
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-14 20:53:19 UTC (rev 51624) +++ data/CVE/list 2017-05-14 21:10:11 UTC (rev 51625) @@ -9493,7 +9493,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4 NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189 CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of ...) - {DLA-832-1} + {DSA-3853-1 DLA-832-1} - bitlbee 3.5-1 NOTE: https://bugs.bitlbee.org/ticket/1282 NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5) @@ -9502,7 +9502,7 @@ NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 NOTE: to not open CVE-2017-5668 CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows ...) - {DLA-832-1} + {DSA-3853-1 DLA-832-1} - bitlbee 3.5-1 NOTE: https://bugs.bitlbee.org/ticket/1281 NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5) @@ -16716,6 +16716,7 @@ - bind9 <not-affected> (RHEL6 specific) CVE-2017-3138 [named exits with a REQUIRE assertion failure if it receives a null command string on its control channel] RESERVED + {DSA-3854-1} - bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226) NOTE: https://kb.isc.org/article/AA-01471 NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610 @@ -16726,6 +16727,7 @@ NOTE: The CVE-2017-3138 is barely an issue in practice anyway. CVE-2017-3137 [A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME] RESERVED + {DSA-3854-1} - bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225) NOTE: https://kb.isc.org/article/AA-01466 NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5 @@ -16734,6 +16736,7 @@ NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix) CVE-2017-3136 [An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"] RESERVED + {DSA-3854-1} - bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224) NOTE: https://kb.isc.org/article/AA-01465 NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits