[Secure-testing-commits] r46179 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Nov 14 13:21:51 UTC 2016
Author: carnil
Date: 2016-11-14 13:21:51 +0000 (Mon, 14 Nov 2016)
New Revision: 46179
Modified:
data/CVE/list
Log:
Update status for CVE-2015-5189/pcs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-14 13:17:13 UTC (rev 46178)
+++ data/CVE/list 2016-11-14 13:21:51 UTC (rev 46179)
@@ -39876,10 +39876,9 @@
- pcs <not-affected> (Fixed before initial release to Debian)
NOTE: https://github.com/feist/pcs/commit/634f6d93e4091946441f366e29859ed64a2c977a (0.9.144)
CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global ...)
- - pcs <unfixed>
+ - pcs <not-affected> (Fixed before the initial release in Debian)
NOTE: Patch in Fedora: http://pkgs.fedoraproject.org/cgit/rpms/pcs.git/plain/fixed-session-and-cookies-processing.patch?h=f22&id=c4b5ad398cb011cdf31374d37943b6593411ae65
NOTE: Patch in CentOS 7 corresponding to RHSA-2015:1700: https://git.centos.org/blob/rpms!pcs/bafb6400d552c4d9e9cb46ddbe523e8f47e0de63/SOURCES!bz1253289-fixed-session-and-cookies-processing.patch
- TODO: check, doesn't seem "apply" in most recent pcs (0.9.148-1.1), double check
CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web Console ...)
NOT-FOR-US: JBoss EAP
CVE-2015-5187
More information about the Secure-testing-commits
mailing list