[Secure-testing-commits] r44890 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Sep 25 14:51:39 UTC 2016
Author: carnil
Date: 2016-09-25 14:51:39 +0000 (Sun, 25 Sep 2016)
New Revision: 44890
Modified:
data/CVE/list
Log:
Update information for CVE-2016-7419
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-25 13:25:10 UTC (rev 44889)
+++ data/CVE/list 2016-09-25 14:51:39 UTC (rev 44890)
@@ -2424,11 +2424,14 @@
NOTE: Documentation added in https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6
CVE-2016-7419 (Cross-site scripting (XSS) vulnerability in share.js in the gallery ...)
- nextcloud <itp> (bug #835086)
- - owncloud <removed>
+ - owncloud <not-affected> (Vulnerable code introduced later)
+ NOTE: up to version which was removed, not included, as the vulnerable code was
+ NOTE: introduced later in a migration of the Gallery app to a new sharing endpoint
+ NOTE: where a parameter changed from an interger to a string value, and that value
+ NOTE: not beeing sanitized.
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-011
NOTE: https://github.com/owncloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc
NOTE: https://hackerone.com/reports/145355
- TODO: check
CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
- php7.0 7.0.11-1
- php5 5.6.26+dfsg-1
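Review bot: the added NOTE lines under the owncloud entry have two spelling errors ("interger" should be "integer", "beeing" should be "being"), and the first of them, "up to version which was removed, not included", names no version and leaves unclear what is "not included". Suggest stating which owncloud version was the last one before removal, and rewording along the lines of "NOTE: the vulnerable code is not present up to the version which was removed; it was introduced later in a migration of the Gallery app ...". With the reason "Vulnerable code introduced later" recorded on the not-affected line, dropping "TODO: check" in the same hunk is consistent.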