[Secure-testing-commits] r40797 - in data: . CVE DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Apr 7 16:51:36 UTC 2016
Author: carnil
Date: 2016-04-07 16:51:36 +0000 (Thu, 07 Apr 2016)
New Revision: 40797
Modified:
data/CVE/list
data/DSA/list
data/dsa-needed.txt
Log:
Reserve DSA number for cgit
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-07 16:17:29 UTC (rev 40796)
+++ data/CVE/list 2016-04-07 16:51:36 UTC (rev 40797)
@@ -2450,6 +2450,7 @@
NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22911
CVE-2016-XXXX [Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter]
- cgit 0.12.0.git2.7.0-1
+ [jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 [SQL Injection Vulnerability]
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-04-07 16:17:29 UTC (rev 40796)
+++ data/DSA/list 2016-04-07 16:51:36 UTC (rev 40797)
@@ -1,3 +1,6 @@
+[07 Apr 2016] DSA-3545-1 cgit - security update
+ {CVE-2016-1899 CVE-2016-1900 CVE-2016-1901}
+ [jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
[07 Apr 2016] DSA-3544-1 python-django - security update
{CVE-2016-2512 CVE-2016-2513}
[wheezy] - python-django 1.4.5-1+deb7u16
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-04-07 16:17:29 UTC (rev 40796)
+++ data/dsa-needed.txt 2016-04-07 16:51:36 UTC (rev 40797)
@@ -18,9 +18,6 @@
--
botan1.10
--
-cgit (carnil)
- Test packages: https://people.debian.org/~carnil/tmp/cgit/
---
extplorer/oldstable (Thorsten Alteholz)
NOTE: .debdiff sent to the Security Team, waiting for feedback
--
More information about the Secure-testing-commits
mailing list