[Secure-testing-commits] r43103 - data/CVE

Sun Jul 10 18:09:38 UTC 2016

Author: carnil
Date: 2016-07-10 18:09:38 +0000 (Sun, 10 Jul 2016)
New Revision: 43103

Modified:
   data/CVE/list
Log:
Add some new sogo issues, unverified, left TODO

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-07-10 17:53:37 UTC (rev 43102)
+++ data/CVE/list	2016-07-10 18:09:38 UTC (rev 43103)
@@ -1,3 +1,25 @@
+CVE-2016-6191 [Persistent Cross-Site Scripting in calendar]
+	- sogo <unfixed>
+	NOTE: https://sogo.nu/bugs/view.php?id=3718
+	NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa
+	TODO: check versions
+CVE-2016-6190 [Meta information can be derived from UID/DTSTAMP attributes though "View the Date & Time" restricted access Backend Calendar]
+	- sogo <unfixed>
+	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
+	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
+	NOTE: https://sogo.nu/bugs/view.php?id=3696
+	TODO: check versions
+CVE-2016-6189 [Private information leakage through ics/XML feeds when restricted to "View the Date & Time"]
+	- sogo <unfixed>
+	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
+	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
+	NOTE: https://sogo.nu/bugs/view.php?id=3695
+	TODO: check versions
+CVE-2016-6188 [DOS attack through uploading malicious attachments]
+	- sogo <unfixed>
+	NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
+	NOTE: https://sogo.nu/bugs/view.php?id=3510
+	TODO: check versions
 CVE-2016-6187 [apparmor: oops in apparmor_setprocattr()]
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)


