From 4e42cd0d189a6ea79bd88ef5cdd533de8f2051d0 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 15 Dec 2020 21:11:45 +0100 Subject: Update information on CVE-2016-11086 Mark it as unimportant as it does not affect the binary packages in Debian (by default, unless a user has removed the certificates). --- data/CVE/2016.list | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'data/CVE/2016.list') diff --git a/data/CVE/2016.list b/data/CVE/2016.list index b53576c383..7381b35be1 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1,19 +1,14 @@ CVE-2016-15001 REJECTED CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...) - - ruby-oauth (bug #970932) - [stretch] - ruby-oauth (Minor issue) + - ruby-oauth (unimportant; bug #970932) NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137 - NOTE: For jessie it is declared as minor issue since the package that - NOTE: must exist is generated by ca-certificates package and - NOTE: ca-certificates in the package dependency list. Hence even though - NOTE: the package is vulnerable the problem do not exist in Debian - NOTE: unless the admin has explicitly removed the file from the filesystem. - NOTE: Should probably be handled the same in other releases. + NOTE: Likely minor issue since the package that exist is generated by ca-certificates + NOTE: package and ca-certificates in the package dependency list. Hence even though the + NOTE: package is vulnerable the problem do not exist in Debian unless the admin has + NOTE: explicitly removed the file from the filesystem. NOTE: Fixing this vulnerability can cause a regression in the case the NOTE: admin has intentionally removed this file to not check certificates. - NOTE: It could therefore be considered as to be ignored but more should - NOTE: have an opinion about this before deciding that. CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...) NOT-FOR-US: Wordpress plugin CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...) -- cgit v1.2.3
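Review bot: the rewritten NOTE lines in this hunk carry over the grammar problems of the lines they replace and drop a word that changes the meaning: "the package that exist is generated by ca-certificates" loses the "must" of the old "the package that must exist", and "the problem do not exist" should read "does not exist". Since these NOTE lines are the stated justification for the "unimportant" tag, suggest rewording them while they are being touched, e.g. "NOTE: Likely minor issue since the file that must exist is provided by the ca-certificates" / "NOTE: package, which is in the package dependency list. Hence even though the" / "NOTE: package is vulnerable the problem does not exist in Debian unless the admin has". The change from the per-release "[stretch] ... (Minor issue)" entry to a single "ruby-oauth (unimportant; bug #970932)" line is consistent with the removal of the "Should probably be handled the same in other releases" note, and keeping the regression note about admins who deliberately removed the file is the right call, since it records why a fix is not being pursued.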