[Secure-testing-commits] r46400 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Nov 21 20:35:16 UTC 2016
Author: carnil
Date: 2016-11-21 20:35:16 +0000 (Mon, 21 Nov 2016)
New Revision: 46400
Modified:
data/CVE/list
Log:
Add issue in mcabber
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-21 20:28:10 UTC (rev 46399)
+++ data/CVE/list 2016-11-21 20:35:16 UTC (rev 46400)
@@ -1,3 +1,8 @@
+CVE-2016-XXXX [MCabber before 1.0.4 allows emote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza]
+ - mcabber <unfixed>
+ NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
+ NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
+ NOTE: Separate CVE assignment is pending
CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory]
- tomcat8 8.0.38-1 (bug #840685)
[jessie] - tomcat8 8.0.14-1+deb8u4
More information about the Secure-testing-commits
mailing list