[Secure-testing-commits] r38923 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 14 22:00:15 UTC 2016
Author: carnil
Date: 2016-01-14 22:00:14 +0000 (Thu, 14 Jan 2016)
New Revision: 38923
Modified:
data/CVE/list
Log:
Add three CVEs for cgit
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-14 21:37:17 UTC (rev 38922)
+++ data/CVE/list 2016-01-14 22:00:14 UTC (rev 38923)
@@ -1,3 +1,12 @@
+CVE-2016-1901 [Integer Overflow resulting in Buffer Overflow]
+ - cgit <unfixed>
+ NOTE: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 (v0.12)
+CVE-2016-1900 [Stored Cross Site Scripting & Header Injection in Filename Parameter]
+ - cgit <unfixed>
+ NOTE: http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 (v0.12)
+CVE-2016-1899 [Reflected Cross Site Scripting & Header Injection in Mimetype Query String]
+ - cgit <unfixed>
+ NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
CVE-2016-1896
RESERVED
CVE-2016-1895
More information about the Secure-testing-commits
mailing list