[Secure-testing-commits] r43941 - data/CVE

Thorsten Alteholz alteholz at moszumanska.debian.org
Thu Aug 11 20:38:49 UTC 2016 

Author: alteholz
Date: 2016-08-11 20:38:49 +0000 (Thu, 11 Aug 2016)
New Revision: 43941

Modified:
   data/CVE/list
Log:
mark sogo CVEs as <end-of-life> as it has been done before

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-11 20:11:31 UTC (rev 43940)
+++ data/CVE/list	2016-08-11 20:38:49 UTC (rev 43941)
@@ -1777,12 +1777,14 @@
 CVE-2016-6191 [Persistent Cross-Site Scripting in calendar]
 	RESERVED
 	- sogo <unfixed>
+	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://sogo.nu/bugs/view.php?id=3718
 	NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa
 	TODO: check versions
 CVE-2016-6190 [Meta information can be derived from UID/DTSTAMP attributes though "View the Date & Time" restricted access Backend Calendar]
 	RESERVED
 	- sogo <unfixed>
+	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
 	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
 	NOTE: https://sogo.nu/bugs/view.php?id=3696
@@ -1790,6 +1792,7 @@
 CVE-2016-6189 [Private information leakage through ics/XML feeds when restricted to "View the Date & Time"]
 	RESERVED
 	- sogo <unfixed>
+	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
 	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
 	NOTE: https://sogo.nu/bugs/view.php?id=3695
@@ -1797,6 +1800,7 @@
 CVE-2016-6188 [DOS attack through uploading malicious attachments]
 	RESERVED
 	- sogo <unfixed>
+	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
 	NOTE: https://sogo.nu/bugs/view.php?id=3510
 	TODO: check versions
@@ -2787,6 +2791,7 @@
 CVE-2014-9905 [Script injection in calendar title]
 	RESERVED
 	- sogo <unfixed>
+	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9
 	NOTE: https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765
 	NOTE: https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501

More information about the Secure-testing-commits mailing list