[Secure-testing-commits] r39526 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Feb 7 05:17:30 UTC 2016
Author: carnil
Date: 2016-02-07 05:17:30 +0000 (Sun, 07 Feb 2016)
New Revision: 39526
Modified:
data/CVE/list
Log:
Two CVEs assigned for horde
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-06 21:10:12 UTC (rev 39525)
+++ data/CVE/list 2016-02-07 05:17:30 UTC (rev 39526)
@@ -10,8 +10,6 @@
RESERVED
CVE-2016-2218
RESERVED
-CVE-2015-8807
- RESERVED
CVE-2016-2224 [denial of service while parsing compressed items]
- uclibc <unfixed> (unimportant)
NOTE: Just for cross-compiling, not used for actual packages
@@ -99,16 +97,17 @@
NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-XXXX [simpleid: passwords are stored as MD5]
- simpleid <unfixed> (bug #813611)
-CVE-2016-XXXX [XSS in Horde_Core_VarRenderer_Html]
+CVE-2015-8807 [XSS in Horde_Core_VarRenderer_Html]
- php-horde-core 2.22.4+debian0-1 (bug #813590)
NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/06/4
-CVE-2016-XXXX [reflected cross-site scripting]
+ NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
+CVE-2016-2228 [reflected cross-site scripting]
- php-horde 5.2.9+debian0-1 (bug #813573)
NOTE: https://bugs.horde.org/ticket/14213
NOTE: http://lists.horde.org/archives/announce/2016/001140.html
- NOTE: Fixed in 5.2.9 upstream
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/06/4
+ NOTE: https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
+ NOTE: https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
+ NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-7028
REJECTED
CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
More information about the Secure-testing-commits
mailing list