Author: rbalint
Date: 2016-11-19 09:27:58 +0000 (Sat, 19 Nov 2016)
New Revision: 46339
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark #841257, sendmail no-dsa in wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-19 09:23:31 UTC (rev 46338)
+++ data/CVE/list 2016-11-19 09:27:58 UTC (rev 46339)
@@ -2020,6 +2020,8 @@
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
- sendmail <unfixed> (bug #841257)
[jessie] - sendmail <no-dsa> (Minor issue)
+ [wheezy] - sendmail <no-dsa> (Minor issue)
+ NOTE: no unprivileged user should be in smmsp group and there is no
known vulnerability to gain smmsp group membership
CVE-2016-8885
RESERVED
- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-11-19 09:23:31 UTC (rev 46338)
+++ data/dla-needed.txt 2016-11-19 09:27:58 UTC (rev 46339)
@@ -99,8 +99,6 @@
--
potrace
--
-sendmail
---
tiff
--
tomcat6 (Markus Koschany)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
