[Secure-testing-commits] r45716 - in data: . CVE
Jonas Meurer
mejo at moszumanska.debian.org
Fri Oct 28 15:42:07 UTC 2016
Author: mejo
Date: 2016-10-28 15:42:07 +0000 (Fri, 28 Oct 2016)
New Revision: 45716
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update CVE info in data/CVE/list, give back spip in dla-needed.txt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-28 15:20:28 UTC (rev 45715)
+++ data/CVE/list 2016-10-28 15:42:07 UTC (rev 45716)
@@ -3374,14 +3374,17 @@
CVE-2016-7999 [Server Side Request Forgery]
RESERVED
- spip 3.1.3-1
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23188
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23193
+ NOTE: http://seclists.org/fulldisclosure/2016/Oct/78
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23185 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23188 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23193 (3.0)
CVE-2016-7998 [Template Compiler/Composer PHP Code Execution]
RESERVED
- spip 3.1.3-1
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23186
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23189
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23192
+ NOTE: http://seclists.org/fulldisclosure/2016/Oct/76
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23186 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23189 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23192 (3.0)
CVE-2016-7997 [denial of service via a crash due to an assertion]
RESERVED
{DLA-683-1}
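Review bot: The 3.0 revision given for CVE-2016-7999 is 23193, listed with 23185 (master) and 23188 (3.1), but the CVE-2016-7982 entry in the next hunk lists 23185 and 23188 together with 23191 (3.0), and puts 23193 after 23187 and 23190. If the order within each entry is meant to group master/3.1/3.0 backports of one fix, one of the two groupings is off. Please check the upstream 3.0 branch for which of 23191 or 23193 carries the Server Side Request Forgery fix and make the two entries agree.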
@@ -3440,32 +3443,36 @@
CVE-2016-7982 [File Enumeration / Path Traversal]
RESERVED
- spip 3.1.3-1
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23185
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23187
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23188 (3.1.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23193 (3.0.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23190 (3.1.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23191 (3.0.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23200
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23206
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23208 (3.0.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23207 (3.1.x)
+ NOTE: http://seclists.org/fulldisclosure/2016/Oct/73
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23185 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23188 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23191 (3.0)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23187 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23190 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23193 (3.0)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23206 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23207 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23208 (3.0)
CVE-2016-7981 [Reflected Cross-Site Scripting]
RESERVED
- spip 3.1.3-1
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23200
+ NOTE: http://seclists.org/fulldisclosure/2016/Oct/68
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
CVE-2016-7980 [Cross-Site Request Forgery]
RESERVED
- spip 3.1.3-1
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23200
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
- NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
+ NOTE: http://seclists.org/fulldisclosure/2016/Oct/67
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
CVE-2016-7975
RESERVED
CVE-2016-7974
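Review bot: Under CVE-2016-7981 only the 23200 line is relabelled, so that entry now mixes "(master)" with the untouched "(3.1.x)" and "(3.0.x)" lines for 23201 and 23202, while every other SPIP entry changed in this commit uses "(3.1)" and "(3.0)". Suggest updating those two lines as well, so the branch labels are uniform across the entries and a search for one branch label finds all of its revisions.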
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-10-28 15:20:28 UTC (rev 45715)
+++ data/dla-needed.txt 2016-10-28 15:42:07 UTC (rev 45716)
@@ -72,7 +72,11 @@
qemu-kvm (Guido Günther)
NOTE: need to be updated with qemu
--
-spip (Jonas Meurer)
+spip
+ NOTE: contacted the upstream team after advice to do so on IRC. They
+ NOTE: still maintain a 2.1 branch themselves and want to look into
+ NOTE: backporting the fixes. We should wait for a response for a few
+ NOTE: days before we start to backport ourselves.
--
tiff (Raphaël Hertzog)
--