[Secure-testing-commits] r47141 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Dec 16 19:34:53 UTC 2016


Author: carnil
Date: 2016-12-16 19:34:53 +0000 (Fri, 16 Dec 2016)
New Revision: 47141

Modified:
   data/CVE/list
Log:
Clarify scope for CVE-2016-9565

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-16 19:33:34 UTC (rev 47140)
+++ data/CVE/list	2016-12-16 19:34:53 UTC (rev 47141)
@@ -8036,7 +8036,9 @@
 	RESERVED
 	- nagios3 3.5.1-1
 	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
-	NOTE: The RSS feed and call-home was removed in Nagios 3.5.1-1 where the affected function was removed
+	NOTE: The RSS feed and call-home was removed in src:nagios3 3.5.1-1 where the affected
+	NOTE: function was removed.
+	NOTE: The scope of the CVE is specific to Nagios.
 CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r allows ...)
 	- boa <not-affected> (the vuln was removed in 0.93.14)
 	NOTE: http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r




More information about the Secure-testing-commits mailing list