[Secure-testing-commits] r42494 - data/CVE

Salvatore Bonaccorso Sun, 12 Jun 2016 21:38:27 -0700

Author: carnil
Date: 2016-06-13 04:38:06 +0000 (Mon, 13 Jun 2016)
New Revision: 42494


Modified:
   data/CVE/list
Log:
Expand note for CVE-2016-5361

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-06-13 04:24:29 UTC (rev 42493)
+++ data/CVE/list       2016-06-13 04:38:06 UTC (rev 42494)
@@ -77,7 +77,10 @@
 CVE-2016-5361
        RESERVED
        - libreswan <itp> (bug #773459)
-       TODO: check other implementations, but CVE is assigned specific to 
libreswan
+       NOTE: Possibly the CVE should be rejected: 
http://www.openwall.com/lists/oss-security/2016/06/13/1
+       NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific 
to libreswan, but as
+       NOTE: Huzaifa Sidhpurwala <huzai...@redhat.com> pointed out that is not 
a libreswan issue, rather
+       NOTE: the protocol is flawed.
 CVE-2016-5360 [remote denial of service via reqdeny]
        RESERVED
        - haproxy 1.6.5-2 (bug #826869)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42494 - data/CVE

Reply via email to