Author: carnil Date: 2017-11-30 18:06:04 +0000 (Thu, 30 Nov 2017) New Revision: 58149
Modified: data/CVE/list Log: Update older Qpid Java Broker NFUs to now track itp'ed bug #840131 Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-30 17:55:14 UTC (rev 58148) +++ data/CVE/list 2017-11-30 18:06:04 UTC (rev 58149) @@ -53407,7 +53407,7 @@ CVE-2016-8742 RESERVED CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...) - NOT-FOR-US: Apache Qpid Java Broker + - qpid-java <itp> (bug #840131) CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...) - apache2 2.4.25-1 (bug #847124) [jessie] - apache2 <not-affected> (Vulnerable code not present) @@ -66513,7 +66513,7 @@ CVE-2016-4975 RESERVED CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...) - NOT-FOR-US: Apache Qpid Java Broker + - qpid-java <itp> (bug #840131) CVE-2016-4973 (Binaries compiled against targets that use the libssp library in GCC ...) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759 - gcc-6 <not-affected> (Uses glibc-internal SSP) @@ -68258,7 +68258,7 @@ - libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1) NOTE: https://struts.apache.org/docs/s2-039.html CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid ...) - NOT-FOR-US: Apache Qpid Java Broker + - qpid-java <itp> (bug #840131) CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...) - libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1) NOTE: https://struts.apache.org/docs/s2-040.html @@ -71836,7 +71836,7 @@ CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local ...) NOT-FOR-US: Pulp (Red Hat) CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...) - NOT-FOR-US: Apache Qpid Java Broker + - qpid-java <itp> (bug #840131) CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method ...) - libstruts1.2-java <not-affected> (Only affects Struts 2.x) NOTE: https://struts.apache.org/docs/s2-034.html _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits