[Secure-testing-commits] r38954 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jan 15 18:56:58 UTC 2016


Author: carnil
Date: 2016-01-15 18:56:58 +0000 (Fri, 15 Jan 2016)
New Revision: 38954

Modified:
   data/CVE/list
Log:
Add two gosa issues, need to be checked in which version fixed

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-15 18:44:01 UTC (rev 38953)
+++ data/CVE/list	2016-01-15 18:56:58 UTC (rev 38954)
@@ -423,6 +423,10 @@
 	RESERVED
 CVE-2016-1712
 	RESERVED
+CVE-2015-8771 [Possibility of code injection when setting passwords for Samba]
+	- gosa <unfixed>
+	NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
+	TODO: check
 CVE-2015-8770 [remote code execution / path traversal]
 	RESERVED
 	- roundcube 1.1.4+dfsg.1-1
@@ -1712,6 +1716,10 @@
 	- tidy-html5 <itp> (bug #770129)
 	NOTE: https://github.com/htacg/tidy-html5/issues/341
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/03/4
+CVE-2014-9760 [XSS vulnerability during session log on]
+	- gosa <unfixed>
+	NOTE: https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
+	TODO: check
 CVE-2014-9759 [MantisBT SOAP API can be used to disclose confidential settings]
 	RESERVED
 	- mantis <not-affected> (Affects >= 1.3.0-beta.1)




More information about the Secure-testing-commits mailing list