[Secure-testing-commits] r43461 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jul 25 16:21:45 UTC 2016
Author: carnil
Date: 2016-07-25 16:21:45 +0000 (Mon, 25 Jul 2016)
New Revision: 43461
Modified:
data/CVE/list
Log:
Update CVE-2015-8379/cakephp according to maintainer
Maintainer investigated and found the issue fixed in 2.7.9 upstream, and
thus 2.8.0-1.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-25 16:13:32 UTC (rev 43460)
+++ data/CVE/list 2016-07-25 16:21:45 UTC (rev 43461)
@@ -20564,10 +20564,9 @@
NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to ...)
- - cakephp <unfixed> (bug #832316)
+ - cakephp 2.8.0-1 (bug #832316)
NOTE: http://karmainsecurity.com/KIS-2016-01
NOTE: https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
- TODO: double-check, upload of 2.8.5-1 to unstable claims this is fixed but not clear from looking at debdiff from 2.8.3-1 to 2.8.5-1
CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox) ...)
- shellinabox 2.19
[jessie] - shellinabox <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list