[Secure-testing-commits] r50528 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Apr 10 13:00:05 UTC 2017
Author: carnil
Date: 2017-04-10 13:00:05 +0000 (Mon, 10 Apr 2017)
New Revision: 50528
Modified:
data/CVE/list
Log:
Add CVE-2016-10321/web2py
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-10 12:52:44 UTC (rev 50527)
+++ data/CVE/list 2017-04-10 13:00:05 UTC (rev 50528)
@@ -36053,6 +36053,11 @@
- libarchive 3.2.1-1
NOTE: https://github.com/libarchive/libarchive/issues/705
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
+CVE-2016-10321 [does not check if host is denied before verifying passwords]
+ - web2py <unfixed>
+ [jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
+ NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
+ NOTE: ttps://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426
CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...)
- web2py <unfixed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
More information about the Secure-testing-commits
mailing list