[Secure-testing-commits] r46650 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Nov 30 05:18:04 UTC 2016
Author: carnil
Date: 2016-11-30 05:18:04 +0000 (Wed, 30 Nov 2016)
New Revision: 46650
Modified:
data/CVE/list
Log:
Add new subversion issue
Remark: Above wheezy entry workarounded; binary packages not affected
(since in wheezy build against Neon as HTTP library), though source is.
(unimporant) for individual lines is not supported, thus workaround by
marking as no-dsa.
The fix could b e included in any future DLA.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-29 23:09:35 UTC (rev 46649)
+++ data/CVE/list 2016-11-30 05:18:04 UTC (rev 46650)
@@ -2837,8 +2837,15 @@
NOTE: Fixed by: http://svn.apache.org/r1767656 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1767676 (7.0.x)
NOTE: Fixed by: http://svn.apache.org/r1767684 (6.0.x)
-CVE-2016-8734
+CVE-2016-8734 [Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://]
RESERVED
+ - subversion <unfixed> (low)
+ [jessie] - subversion <no-dsa> (Minor issue; can be fixed via point release)
+ [wheezy] - subversion <no-dsa> (Minor issue, binary packages not affected since built against Neon as HTTP library)
+ NOTE: Above wheezy entry workarounded; binary packages not affected (since in wheezy build against Neon as HTTP
+ NOTE: library), though source is. (unimporant) for individual lines is not supported, thus workaround by marking
+ NOTE: as no-dsa.
+ NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8733
RESERVED
CVE-2016-8732
More information about the Secure-testing-commits
mailing list