[Secure-testing-commits] r42997 - data/CVE
Chris Lamb
lamby at moszumanska.debian.org
Mon Jul 4 12:25:31 UTC 2016
Author: lamby
Date: 2016-07-04 12:25:31 +0000 (Mon, 04 Jul 2016)
New Revision: 42997
Modified:
data/CVE/list
Log:
comment that CVE-2016-4068 in roundcube's patch is incomplete
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-04 11:28:36 UTC (rev 42996)
+++ data/CVE/list 2016-07-04 12:25:31 UTC (rev 42997)
@@ -5997,7 +5997,7 @@
CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"]
RESERVED
- roundcube <unfixed>
- NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218
+ NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218 (incomplete fix)
NOTE: These remain unfixed in versions 1.0.9, 1.1.5 and 1.2-rc
CVE-2015-8864 [XSS issue in SVG images handling]
RESERVED
More information about the Secure-testing-commits
mailing list