[Secure-testing-commits] r45748 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Sat Oct 29 17:04:08 UTC 2016
Author: anarcat
Date: 2016-10-29 17:04:08 +0000 (Sat, 29 Oct 2016)
New Revision: 45748
Modified:
data/CVE/list
Log:
Summary: patch found for tar
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-29 16:56:55 UTC (rev 45747)
+++ data/CVE/list 2016-10-29 17:04:08 UTC (rev 45748)
@@ -8217,6 +8217,8 @@
RESERVED
- tar <unfixed> (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
+ NOTE: POC in https://bugzilla.novell.com/show_bug.cgi?id=1007188#c1 (etc/shadow should not be extracted when asking for etc/motd)
+ NOTE: patch available: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f79804de6297450e101d97411e7f74f06d22d787
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
More information about the Secure-testing-commits
mailing list