Thorsten Alteholz · Thorsten Alteholz · Thorsten Alteholz · 7a6de499
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43679,8 +43679,10 @@ CVE-2017-15136 (When registering and activating a new system with Red Hat Satell
 	NOT-FOR-US: Red Hat Satellite 6
 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...)
 	- 389-ds-base 1.3.7.9-1 (bug #888451)
+	[jessie] - 389-ds-base <no-dsa> (vulnerable code (patch for CVE-2016-5405) not yet applied)
 CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...)
 	- 389-ds-base 1.3.7.9-1 (bug #888452)
+	NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
 CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...)
 	- golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777)
 	[stretch] - golang-github-miekg-dns <no-dsa> (Minor issue)
@@ -101783,6 +101785,10 @@ CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Pla
 	NOT-FOR-US: JBoss EAP
 CVE-2016-5405 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...)
 	- 389-ds-base 1.3.5.15-1 (bug #842121)
+	[jessie] - 389-ds-base <no-dsa> (minor issue)
+	NOTE: This affects systems storing passwords in plain text.
+	NOTE: Systems using unsalted hashes might be unsafe as well if using weak
+	NOTE: hash algorithms, however the attack would be very time-consuming.
 CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the &quot;revoke ...)
 	- freeipa 4.3.2-5 (bug #835131)
 	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master)