[Secure-testing-commits] r47162 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 17 05:36:40 UTC 2016


Author: carnil
Date: 2016-12-17 05:36:40 +0000 (Sat, 17 Dec 2016)
New Revision: 47162

Modified:
   data/CVE/list
Log:
Add new python-bottle issue, CVE-2016-9964

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-17 05:36:01 UTC (rev 47161)
+++ data/CVE/list	2016-12-17 05:36:40 UTC (rev 47162)
@@ -1,5 +1,9 @@
 CVE-2016-582384
 	REJECTED
+CVE-2016-9964 [redirect() doesn't filter "\r\n" which allows for CRLF attack]
+	- python-bottle <unfixed>
+	NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
+	NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
 CVE-2016-9963 [disclosure of private information]
 	- exim4 <unfixed>
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
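Review bot: the `- python-bottle <unfixed>` line in the new CVE-2016-9964 entry carries no Debian bug reference, so the only tracking pointers are the two upstream NOTE links. Since an upstream patch commit is already recorded, consider filing a Debian bug and adding its number to the package line. That way the entry can be moved from `<unfixed>` to a fixed version as soon as an upload containing that commit exists.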



