[Secure-testing-commits] r50466 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Apr 8 13:09:44 UTC 2017


Author: carnil
Date: 2017-04-08 13:09:44 +0000 (Sat, 08 Apr 2017)
New Revision: 50466

Modified:
   data/CVE/list
Log:
Mark web2py as no-dsa for jessie

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-08 12:07:24 UTC (rev 50465)
+++ data/CVE/list	2017-04-08 13:09:44 UTC (rev 50466)
@@ -35932,15 +35932,19 @@
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
 CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...)
 	- web2py <unfixed> (bug #856127)
+	[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
 	NOTE: https://github.com/web2py/web2py/issues/1585
 	NOTE: https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
 CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...)
 	- web2py <unfixed> (bug #856127)
+	[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
 	NOTE: https://github.com/web2py/web2py/issues/1585
 	NOTE: https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1
 CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...)
 	- web2py <unfixed> (bug #856127)
+	[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
 	NOTE: https://github.com/web2py/web2py/issues/1585
+	NOTE: https://github.com/web2py/web2py/issues/1316
 	NOTE: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34
 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
 	NOT-FOR-US: dotCMS




More information about the Secure-testing-commits mailing list