Author: jmm Date: 2017-10-26 09:46:47 +0000 (Thu, 26 Oct 2017) New Revision: 56977
Modified: data/CVE/list Log: openvswitch fixed in experimental Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-26 09:45:04 UTC (rev 56976) +++ data/CVE/list 2017-10-26 09:46:47 UTC (rev 56977) @@ -2356,6 +2356,7 @@ NOT-FOR-US: InFocus Mondopad CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are ...) - openvswitch <unfixed> (unimportant; bug #877543) + [experimental] - openvswitch 2.8.1+dfsg1-1 NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html NOTE: Not considered a security issue by upstream, see #877543 @@ -18795,18 +18796,21 @@ RESERVED CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...) - openvswitch <unfixed> (unimportant; bug #863662) + [experimental] - openvswitch 2.8.1+dfsg1-1 [jessie] - openvswitch <not-affected> (Vulnerable code not present) [wheezy] - openvswitch <not-affected> (Vulnerable code not present) NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html NOTE: OpenFlow 1.5 support still incomplete CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...) - openvswitch <unfixed> (unimportant; bug #863661) + [experimental] - openvswitch 2.8.1+dfsg1-1 [jessie] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0) [wheezy] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0) NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html NOTE: Userspace data path not enabled in Debian packaging CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...) - openvswitch <unfixed> (unimportant; bug #863655) + [experimental] - openvswitch 2.8.1+dfsg1-1 [jessie] - openvswitch <not-affected> (No controllers implemented, cf. #863655) [wheezy] - openvswitch <not-affected> (No controllers implemented, cf. #863655) NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html @@ -19028,6 +19032,7 @@ RESERVED CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...) - openvswitch <unfixed> (bug #863228) + [experimental] - openvswitch 2.8.1+dfsg1-1 [stretch] - openvswitch <no-dsa> (Minor issue) [jessie] - openvswitch <not-affected> (Vulnerable code not present) [wheezy] - openvswitch <not-affected> (Vulnerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits