[Secure-testing-commits] r44091 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Aug 22 18:29:07 UTC 2016
Author: carnil
Date: 2016-08-22 18:29:07 +0000 (Mon, 22 Aug 2016)
New Revision: 44091
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2016-631{6,7}/rails, #834154, #834155
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-22 18:27:37 UTC (rev 44090)
+++ data/CVE/list 2016-08-22 18:29:07 UTC (rev 44091)
@@ -1604,12 +1604,12 @@
NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
CVE-2016-6317 [unsafe query generation in Active Record]
RESERVED
- - rails <unfixed> (bug #834154)
+ - rails 2:4.2.7.1-1 (bug #834154)
[jessie] - rails <not-affected> (Vulnerable code not present, introduced in 4.2)
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package and introduced in 4.2 anyway)
CVE-2016-6316 [Possible XSS Vulnerability in Action View]
RESERVED
- - rails <unfixed> (low; bug #834155)
+ - rails 2:4.2.7.1-1 (low; bug #834155)
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
TODO: Rails in wheezy uses several split source packages
CVE-2016-6315
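Review bot: the CVE-2016-6316 entry still has no [jessie] line after this change, while the CVE-2016-6317 entry just above it states jessie explicitly as <not-affected>. Now that the unstable line reads "- rails 2:4.2.7.1-1 (low; bug #834155)", jessie's status for the Action View XSS can only be inferred by comparing against that version. If jessie is affected, please make that explicit with a [jessie] annotation; if it is not, add a <not-affected> line with the reason, as was done for CVE-2016-6317. The "TODO: Rails in wheezy uses several split source packages" line is also left open beside a [wheezy] <not-affected> note that covers only the transitional rails package, so the wheezy assessment for this CVE is not complete until those split packages are checked and the TODO is resolved.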