[Secure-testing-commits] r44068 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 19 20:18:20 UTC 2016
Author: carnil
Date: 2016-08-19 20:18:20 +0000 (Fri, 19 Aug 2016)
New Revision: 44068
Modified:
data/CVE/list
Log:
Update information for CVE-2016-6866
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-19 19:54:16 UTC (rev 44067)
+++ data/CVE/list 2016-08-19 20:18:20 UTC (rev 44068)
@@ -25,10 +25,14 @@
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
CVE-2016-6866
- - suckless-tools <unfixed>
+ - suckless-tools 41-1
[jessie] - suckless-tools <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
NOTE: http://s1m0n.dft-labs.eu/files/slock/
+ NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
+ NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
+ NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly
+ NOTE: empty pws.
CVE-2016-6837 [XSS in view_all_bug_page.php]
- mantis <removed>
NOTE: https://mantisbt.org/bugs/view.php?id=21611
More information about the Secure-testing-commits
mailing list