[Secure-testing-commits] r58149 - data/CVE

Thu, 30 Nov 2017 10:06:39 -0800 

Author: carnil
Date: 2017-11-30 18:06:04 +0000 (Thu, 30 Nov 2017)
New Revision: 58149

Modified:
   data/CVE/list
Log:
Update older Qpid Java Broker NFUs to now track itp'ed bug #840131

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-30 17:55:14 UTC (rev 58148)
+++ data/CVE/list       2017-11-30 18:06:04 UTC (rev 58149)
@@ -53407,7 +53407,7 @@
 CVE-2016-8742
        RESERVED
 CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use 
different so ...)
-       NOT-FOR-US: Apache Qpid Java Broker
+       - qpid-java <itp> (bug #840131)
 CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 
2.4.23, ...)
        - apache2 2.4.25-1 (bug #847124)
        [jessie] - apache2 <not-affected> (Vulnerable code not present)
@@ -66513,7 +66513,7 @@
 CVE-2016-4975
        RESERVED
 CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) 
before ...)
-       NOT-FOR-US: Apache Qpid Java Broker
+       - qpid-java <itp> (bug #840131)
 CVE-2016-4973 (Binaries compiled against targets that use the libssp library 
in GCC ...)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759
        - gcc-6 <not-affected> (Uses glibc-internal SSP)
@@ -68258,7 +68258,7 @@
        - libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
        NOTE: https://struts.apache.org/docs/s2-039.html
 CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache 
Qpid ...)
-       NOT-FOR-US: Apache Qpid Java Broker
+       - qpid-java <itp> (bug #840131)
 CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers 
to ...)
        - libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
        NOTE: https://struts.apache.org/docs/s2-040.html
@@ -71836,7 +71836,7 @@
 CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows 
local ...)
        NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the 
broker ...)
-       NOT-FOR-US: Apache Qpid Java Broker
+       - qpid-java <itp> (bug #840131)
 CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache 
method ...)
        - libstruts1.2-java <not-affected> (Only affects Struts 2.x)
        NOTE: https://struts.apache.org/docs/s2-034.html


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to