[Secure-testing-commits] r45749 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Oct 29 17:21:46 UTC 2016
Author: carnil
Date: 2016-10-29 17:21:46 +0000 (Sat, 29 Oct 2016)
New Revision: 45749
Modified:
data/CVE/list
Log:
Replace proposed patch with the original one from the advisory
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-29 17:04:08 UTC (rev 45748)
+++ data/CVE/list 2016-10-29 17:21:46 UTC (rev 45749)
@@ -8218,7 +8218,7 @@
- tar <unfixed> (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
NOTE: POC in https://bugzilla.novell.com/show_bug.cgi?id=1007188#c1 (etc/shadow should not be extracted when asking for etc/motd)
- NOTE: patch available: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f79804de6297450e101d97411e7f74f06d22d787
+ NOTE: Proposed patch: https://sintonen.fi/advisories/tar-extract-pathname-bypass.patch
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
More information about the Secure-testing-commits
mailing list