[Secure-testing-commits] r43808 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sat Aug 6 10:32:23 UTC 2016
Author: apo
Date: 2016-08-06 10:32:21 +0000 (Sat, 06 Aug 2016)
New Revision: 43808
Modified:
data/CVE/list
Log:
CVE-2015-8379: Wheezy not affected, vulnerable code not present
CSRF methods are not implemented hence CSRF validation cannot be tricked
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-06 10:25:00 UTC (rev 43807)
+++ data/CVE/list 2016-08-06 10:32:21 UTC (rev 43808)
@@ -21611,6 +21611,7 @@
CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to ...)
- cakephp 2.8.0-1 (bug #832316)
[jessie] - cakephp <no-dsa> (Minor issue)
+ [wheezy] - cakephp <not-affected> (vulnerable code not present)
NOTE: http://karmainsecurity.com/KIS-2016-01
NOTE: https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox) ...)
More information about the Secure-testing-commits
mailing list