[Secure-testing-commits] r42446 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Fri Jun 10 19:17:31 UTC 2016
Author: apo
Date: 2016-06-10 19:17:31 +0000 (Fri, 10 Jun 2016)
New Revision: 42446
Modified:
data/CVE/list
Log:
Mark CVE-2016-4096 roundcube, wheezy as not affected
program/lib/Roundcube/rcube_washtml.php is called lib/washtml.php in this
version but the function is_link_attribute does not exist.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-10 17:44:24 UTC (rev 42445)
+++ data/CVE/list 2016-06-10 19:17:31 UTC (rev 42446)
@@ -3684,6 +3684,7 @@
CVE-2016-4069 [Protect download urls against CSRF using unique request tokens]
RESERVED
- roundcube 1.1.5+dfsg.1-1 (bug #822333)
+ [wheezy] - roundcube <not-affected> (vulnerable code not present)
NOTE: https://github.com/roundcube/roundcubemail/issues/4957
NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
More information about the Secure-testing-commits
mailing list