Author: pochu
Date: 2017-09-26 17:43:15 +0000 (Tue, 26 Sep 2017)
New Revision: 56160
Modified:
data/CVE/list
data/dla-needed.txt
Log:
mark mcollective as no-dsa for wheezy too
This is about untrusted input, but an untrusted server could do nastier things
anyway
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-26 17:41:29 UTC (rev 56159)
+++ data/CVE/list 2017-09-26 17:43:15 UTC (rev 56160)
@@ -36651,6 +36651,7 @@
CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from
agents ...)
- mcollective <unfixed> (bug #866711)
[jessie] - mcollective <no-dsa> (Minor issue)
+ [wheezy] - mcollective <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2017-2292
NOTE:
https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
CVE-2017-2291
@@ -63701,6 +63702,7 @@
CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet ...)
- mcollective <unfixed> (bug #850968)
[jessie] - mcollective <no-dsa> (Minor issue)
+ [wheezy] - mcollective <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2016-2788
NOTE:
https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d
CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise
2015.3.x ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-26 17:41:29 UTC (rev 56159)
+++ data/dla-needed.txt 2017-09-26 17:43:15 UTC (rev 56160)
@@ -76,9 +76,6 @@
--
linux
--
-mcollective (Emilio Pozuelo)
- NOTE: See https://lists.debian.org/debian-lts/2017/03/msg00008.html
---
ming
NOTE: 20170916: patches unavailable
--
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
