[Secure-testing-commits] r45761 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 30 06:27:51 UTC 2016
Author: carnil
Date: 2016-10-30 06:27:45 +0000 (Sun, 30 Oct 2016)
New Revision: 45761
Modified:
data/CVE/list
Log:
Reference upstream patch for tar
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-30 03:44:59 UTC (rev 45760)
+++ data/CVE/list 2016-10-30 06:27:45 UTC (rev 45761)
@@ -8221,7 +8221,8 @@
- tar <unfixed> (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
- NOTE: Proposed patch: https://lists.debian.org/debian-lts/2016/10/msg00206.html
+ NOTE: Proposed patch by Antoine Beaupre: https://lists.debian.org/debian-lts/2016/10/msg00206.html
+ NOTE: Proposed patch upstream: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
More information about the Secure-testing-commits
mailing list