[Secure-testing-commits] r33852 - in data: CVE DSA

Sun, 26 Apr 2015 01:47:58 -0700 

Author: carnil
Date: 2015-04-26 08:47:10 +0000 (Sun, 26 Apr 2015)
New Revision: 33852

Modified:
   data/CVE/list
   data/DSA/list
Log:
Workaround issue with CVE-2015-3332 in tracker showing wheezy as unfixed

When having an entry for wheezy as well in data/DSA/list for one item,
but having it <not-affected> in data/CVE/list the entry in DSA list
invalidates the not-affected status. Woraround by moving the fixed
version for jessie directly in CVE/list.

This though has the unpleasend side effect that CVE-2015-3332 will not
be shown in https://security-tracker.debian.org/tracker/DSA-3237-1 but
at least will be correctly in the mail and in the generated webpage.

TODO: check if this can be fixed somehow on security-tracker side.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-04-26 08:21:20 UTC (rev 33851)
+++ data/CVE/list       2015-04-26 08:47:10 UTC (rev 33852)
@@ -886,6 +886,7 @@
 CVE-2015-3332 [TCP Fast Open local DoS]
        RESERVED
        - linux 3.16.7-ckt9-3 (bug #782515)
+       [jessie] - linux 3.16.7-ckt9-3~deb8u1
        [wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
        - linux-2.6 <not-affected> (TCP Fast Open introduced in v3.6-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/14

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2015-04-26 08:21:20 UTC (rev 33851)
+++ data/DSA/list       2015-04-26 08:47:10 UTC (rev 33852)
@@ -1,5 +1,5 @@
 [26 Apr 2015] DSA-3237-1 linux - security update
-       {CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 
CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3332 CVE-2015-3339}
+       {CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 
CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3339}
        [wheezy] - linux 3.2.68-1+deb7u1
        [jessie] - linux 3.16.7-ckt9-3~deb8u1
 [25 Apr 2015] DSA-3236-1 libreoffice - security update


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to