[Secure-testing-commits] r56082 - in data: . CVE

Sun, 24 Sep 2017 01:01:28 -0700 

Author: carnil
Date: 2017-09-24 08:00:44 +0000 (Sun, 24 Sep 2017)
New Revision: 56082

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
Mark db issues as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-24 05:35:37 UTC (rev 56081)
+++ data/CVE/list       2017-09-24 08:00:44 UTC (rev 56082)
@@ -13100,6 +13100,8 @@
 CVE-2017-10140 [Berkeley DB reads DB_CONFIG from cwd]
        RESERVED
        - db5.3 5.3.28-13.1 (bug #872436)
+       [stretch] - db5.3 <no-dsa> (Minor issue; will be fixed via point 
release)
+       [jessie] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
        - db5.2 <removed>
        - db5.1 <removed>
        - db4.8 <removed>
@@ -13112,6 +13114,7 @@
        - db4.1 <removed>
        - db4.0 <removed>
        - db <removed>
+       [jessie] - db <no-dsa> (Minor issue; will be fixed via point release)
        NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
        NOTE: Patch as used in Fedora: 
https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
        NOTE: and is acknowledged by libdb upstream, cf. 
https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-09-24 05:35:37 UTC (rev 56081)
+++ data/dsa-needed.txt 2017-09-24 08:00:44 UTC (rev 56082)
@@ -18,22 +18,6 @@
 --
 curl (ghedo)
 --
-db/oldstable
-  Needs to be seen how it's fixed by Oracle and whether it's isolatable or 
whether it's
-  possible to rebase to a new upstream
-  Existing applications might rely on existing behaviour, monitor in unstable 
for a
-  month
-  As per 2017-09-12 no obvious regressions were reported, maybe still go via a 
point
-  release.
---
-db5.3
-  Needs to be seen how it's fixed by Oracle and whether it's isolatable or 
whether it's
-  possible to rebase to a new upstream
-  Existing applications might rely on existing behaviour, monitor in unstable 
for a
-  month
-  As per 2017-09-12 no obvious regressions were reported, maybe still go via a 
point
-  release.
---
 ghostscript (carnil)
 --
 graphicsmagick


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to