[Secure-testing-commits] r40265 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 9 16:12:23 UTC 2016
Author: carnil
Date: 2016-03-09 16:12:23 +0000 (Wed, 09 Mar 2016)
New Revision: 40265
Modified:
data/CVE/list
Log:
Add note for one pcs issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-09 10:32:51 UTC (rev 40264)
+++ data/CVE/list 2016-03-09 16:12:23 UTC (rev 40265)
@@ -18490,7 +18490,8 @@
CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global ...)
- pcs <unfixed>
NOTE: Patch in Fedora: http://pkgs.fedoraproject.org/cgit/rpms/pcs.git/plain/fixed-session-and-cookies-processing.patch?h=f22&id=c4b5ad398cb011cdf31374d37943b6593411ae65
- TODO: check after it entered the archive
+ NOTE: Patch in CentOS 7 corresponding to RHSA-2015:1700: https://git.centos.org/blob/rpms!pcs/bafb6400d552c4d9e9cb46ddbe523e8f47e0de63/SOURCES!bz1253289-fixed-session-and-cookies-processing.patch
+ TODO: check, doesn't seem "apply" in most recent pcs (0.9.148-1.1), double check
CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web Console ...)
NOT-FOR-US: JBoss EAP
CVE-2015-5187
More information about the Secure-testing-commits
mailing list