[Secure-testing-commits] r43266 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-07-18 19:01:34 +0000 (Mon, 18 Jul 2016)
New Revision: 43266

Modified:
   data/CVE/list
Log:
Add CVE requested item for libupnp

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-18 18:59:57 UTC (rev 43265)
+++ data/CVE/list	2016-07-18 19:01:34 UTC (rev 43266)
@@ -1,3 +1,8 @@
+CVE-2016-XXXX [write files via POST]
+	- libupnp <unfixed>
+	NOTE: https://twitter.com/mjg59/status/755062278513319936
+	NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/18/13
 CVE-2016-6233 [ZF2016-02: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select]
 	- zendframework 1.12.19+dfsg-1
 	[jessie] - zendframework <not-affected> (introduced after 1.12.9)