[Secure-testing-commits] r46909 - in data: CVE DLA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 8 19:24:43 UTC 2016


Author: carnil
Date: 2016-12-08 19:24:43 +0000 (Thu, 08 Dec 2016)
New Revision: 46909

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVE-2016-9920 assigned for roundcube

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-08 19:21:23 UTC (rev 46908)
+++ data/CVE/list	2016-12-08 19:24:43 UTC (rev 46909)
@@ -1267,13 +1267,10 @@
 	RESERVED
 CVE-2017-3150
 	RESERVED
-CVE-2016-XXXX [Command Execution via Email]
+CVE-2016-9920 [Command Execution via Email]
 	- roundcube <unfixed> (bug #847287)
-	[wheezy] - roundcube 0.7.2-9+deb7u5
-	NOTE: Workaround entry for DLA-737-1 until CVE assigned
 	NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
-	NOTE: CVE has been already requested by discoverer of the issue and will be published "shortly"
 CVE-2016-9910 [for the mishandling of all of the other mentioned characters in attribute values]
 	- html5lib 0.999999999-1
 	[jessie] - html5lib <no-dsa> (Minor issue)
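Review bot: removing the `[wheezy] - roundcube 0.7.2-9+deb7u5` line from the CVE-2016-9920 entry leaves data/CVE/list with only `- roundcube <unfixed> (bug #847287)` as package status. The wheezy fixed version is now recorded solely through the `{CVE-2016-9920}` reference added to DLA-737-1 in data/DLA/list, so the two changes need to stay in the same revision, as they do here. The log message says only "CVE-2016-9920 assigned for roundcube"; it could also mention that the DLA-737-1 workaround entry and its two NOTE lines are dropped.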

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-12-08 19:21:23 UTC (rev 46908)
+++ data/DLA/list	2016-12-08 19:24:43 UTC (rev 46909)
@@ -1,4 +1,5 @@
 [08 Dec 2016] DLA-737-1 roundcube - security update
+	{CVE-2016-9920}
 	[wheezy] - roundcube 0.7.2-9+deb7u5
 [07 Dec 2016] DLA-736-1 gst-plugins-bad0.10 - security update
 	{CVE-2016-9809}
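Review bot: the added `{CVE-2016-9920}` line under DLA-737-1 is what ties the wheezy upload `roundcube 0.7.2-9+deb7u5` back to the CVE entry once the workaround line is gone from data/CVE/list, so the ID and version here should be checked against that entry. Both match the renamed `CVE-2016-9920 [Command Execution via Email]` entry and the removed `[wheezy]` line in this revision.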



