author: Salvatore Bonaccorso <carnil@debian.org> 2020-12-15 21:11:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-12-15 21:47:23 +0100
commit: 4e42cd0d189a6ea79bd88ef5cdd533de8f2051d0 (patch)
tree: 0508a6a334ecece502d2a770e72a025823f48302 /data/CVE/2016.list
parent: 2646e3b3ed066bde3845040650805b39923aabf8 (diff)
Update information on CVE-2016-11086
Mark it as unimportant as it does not affect the binary packages in Debian (by default, unless a user has removed the certificates).
Diffstat (limited to 'data/CVE/2016.list')
-rw-r--r-- data/CVE/2016.list 15
1 files changed, 5 insertions, 10 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index b53576c383..7381b35be1 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,19 +1,14 @@
CVE-2016-15001
REJECTED
CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...)
- - ruby-oauth <unfixed> (bug #970932)
- [stretch] - ruby-oauth <no-dsa> (Minor issue)
+ - ruby-oauth <unfixed> (unimportant; bug #970932)
NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137
- NOTE: For jessie it is declared as minor issue since the package that
- NOTE: must exist is generated by ca-certificates package and
- NOTE: ca-certificates in the package dependency list. Hence even though
- NOTE: the package is vulnerable the problem do not exist in Debian
- NOTE: unless the admin has explicitly removed the file from the filesystem.
- NOTE: Should probably be handled the same in other releases.
+ NOTE: Likely minor issue since the package that exist is generated by ca-certificates
+ NOTE: package and ca-certificates in the package dependency list. Hence even though the
+ NOTE: package is vulnerable the problem do not exist in Debian unless the admin has
+ NOTE: explicitly removed the file from the filesystem.
NOTE: Fixing this vulnerability can cause a regression in the case the
NOTE: admin has intentionally removed this file to not check certificates.
- NOTE: It could therefore be considered as to be ignored but more should
- NOTE: have an opinion about this before deciding that.
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
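Review bot: In the four added NOTE lines for CVE-2016-11086, "the package that exist is generated by ca-certificates" dropped the "must" from the removed wording and now says a package is generated, while the last added line talks about "the file" being removed from the filesystem. The rationale for the unimportant tag rests on that file being present by default, so the note should name it consistently, for example "Likely minor issue since the file that must exist is generated by the ca-certificates package, which is in the package dependency list." While rewording, "the problem do not exist" should be "does not exist". The retained regression NOTE still applies and reads fine next to the new text.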