The following contributions were made:
- Investigation of a regression problem due to the nss (DLA-677-1) update. The conclusion is that this is a general problem for all applications that fork (at least in some situations), but it looks like only Chrome was affected. No further update was done on this.
- Front desk work.
Reached the following conclusions:
- nss vulnerable. Motivation: Red Hat has issued a correction for this.
- mcabber vulnerable. Motivation: Another package with a similar vulnerability has a fix and a DLA was sent for that one.
- ntp vulnerable. There were a few CVEs to triage but only the following were marked as no-dsa:
  - CVE-2016-7429
  - CVE-2016-7431 (vulnerable code not affected)
  - CVE-2016-7433
- maradns vulnerable.
- qemu vulnerable (but that was not true)
- xen vulnerable.
- lxc vulnerable.
- w3c vulnerable but some of the issues shall be considered as non-dsa.
- xen vulnerable (again).
- w3m vulnerable but the following were tagged no-dsa:
  - CVE-2016-9622
  - CVE-2016-9623
  - CVE-2016-9624
  - CVE-2016-9628
  - CVE-2016-9629
  - CVE-2016-9631
- tiff vulnerable but the following were marked as no-dsa:
  - CVE-2016-9538
- libsoap-lite-perl vulnerable