[Secure-testing-commits] r46874 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 8 06:45:16 UTC 2016
Author: carnil
Date: 2016-12-08 06:45:16 +0000 (Thu, 08 Dec 2016)
New Revision: 46874
Modified:
data/CVE/list
Log:
Two CVEs assigned for html5lib
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-08 05:36:28 UTC (rev 46873)
+++ data/CVE/list 2016-12-08 06:45:16 UTC (rev 46874)
@@ -1247,12 +1247,18 @@
NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: CVE has been already requested by discoverer of the issue and will be published "shortly"
-CVE-2016-XXXX [cross-site scripting vulnerability]
+CVE-2016-9910 [for the mishandling of all of the other mentioned characters in attribute values]
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/06/5
+ NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
+CVE-2016-9909 [for the mishandling of the '<' character in attribute values]
+ - html5lib 0.999999999-1
+ [jessie] - html5lib <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
+ NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
+ NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2017-3149
RESERVED
CVE-2017-3148
More information about the Secure-testing-commits
mailing list