author | Salvatore Bonaccorso <carnil@debian.org> | 2020-12-15 21:11:45 +0100
---|---|---
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-12-15 21:47:23 +0100
commit | 4e42cd0d189a6ea79bd88ef5cdd533de8f2051d0 |
tree | 0508a6a334ecece502d2a770e72a025823f48302 /data/CVE/2016.list |
parent | 2646e3b3ed066bde3845040650805b39923aabf8 |
Update information on CVE-2016-11086
Mark it as unimportant as it does not affect the binary packages in
Debian (by default, unless a user has removed the certificates).
Diffstat (limited to 'data/CVE/2016.list')
-rw-r--r-- | data/CVE/2016.list | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index b53576c383..7381b35be1 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,19 +1,14 @@ CVE-2016-15001 REJECTED CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...) - - ruby-oauth <unfixed> (bug #970932) - [stretch] - ruby-oauth <no-dsa> (Minor issue) + - ruby-oauth <unfixed> (unimportant; bug #970932) NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137 - NOTE: For jessie it is declared as minor issue since the package that - NOTE: must exist is generated by ca-certificates package and - NOTE: ca-certificates in the package dependency list. Hence even though - NOTE: the package is vulnerable the problem do not exist in Debian - NOTE: unless the admin has explicitly removed the file from the filesystem. - NOTE: Should probably be handled the same in other releases. + NOTE: Likely minor issue since the package that exist is generated by ca-certificates + NOTE: package and ca-certificates in the package dependency list. Hence even though the + NOTE: package is vulnerable the problem do not exist in Debian unless the admin has + NOTE: explicitly removed the file from the filesystem. NOTE: Fixing this vulnerability can cause a regression in the case the NOTE: admin has intentionally removed this file to not check certificates. - NOTE: It could therefore be considered as to be ignored but more should - NOTE: have an opinion about this before deciding that. CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...) NOT-FOR-US: Wordpress plugin CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...) |
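Review bot: In the rewritten NOTE block, "the package that exist is generated by ca-certificates" drops the "must" of the removed wording ("the package that must exist"), so it no longer says that a required file is what ca-certificates provides, and the later "removed the file from the filesystem" refers to a file the NOTE never names. Suggest wording along the lines of "the certificate file that must exist is generated by the ca-certificates package, and ca-certificates is in the package dependency list", which also matches the commit message's "unless a user has removed the certificates". The "Likely minor issue" hedge also sits oddly beside the definite "unimportant" tag now on the ruby-oauth line; stating the reason for the tag outright would keep the two consistent.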