[Secure-testing-commits] r39497 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Fri Feb 5 21:20:36 UTC 2016
Author: anarcat
Date: 2016-02-05 21:20:36 +0000 (Fri, 05 Feb 2016)
New Revision: 39497
Modified:
data/CVE/list
Log:
Summary: wheezy/squeeze do not have code vuln to CVE-2015-8793
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-05 21:10:17 UTC (rev 39496)
+++ data/CVE/list 2016-02-05 21:20:36 UTC (rev 39497)
@@ -339,8 +339,12 @@
NOTE: https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
CVE-2015-8793 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
- roundcube 1.1.2+dfsg.1-1
+ [wheezy] - roundcube <not-affected> (Vulnerable code not present)
+ [squeeze] - roundcube <not-affected> (Vulnerable code not present)
NOTE: https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
NOTE: http://www.scip.ch/en/?vuldb.80731
+ NOTE: http://trac.roundcube.net/ticket/1490417 - mentions 1.0 not vulnerable, verified code not present in squeeze
+ NOTE: http://trac.roundcube.net/changeset/b782815dac/github
CVE-2015-8791 (The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 ...)
- libebml 1.3.3-1
NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
More information about the Secure-testing-commits
mailing list