[Secure-testing-commits] r50760 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Tue Apr 18 17:32:11 UTC 2017
Author: apo
Date: 2017-04-18 17:32:10 +0000 (Tue, 18 Apr 2017)
New Revision: 50760
Modified:
data/CVE/list
Log:
web2py issues: Follow Jessie, no-dsa for Wheezy
The admin application is not used in production hence the security impact is
quite low.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-18 16:50:53 UTC (rev 50759)
+++ data/CVE/list 2017-04-18 17:32:10 UTC (rev 50760)
@@ -36862,21 +36862,25 @@
CVE-2016-10321 (web2py before 2.14.6 does not properly check if a host is denied before ...)
- web2py <unfixed> (bug #860038)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
+ [wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
NOTE: https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426
CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...)
- web2py <unfixed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
+ [wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585
NOTE: https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...)
- web2py <unfixed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
+ [wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585
NOTE: https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1
CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...)
- web2py <unfixed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
+ [wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585
NOTE: https://github.com/web2py/web2py/issues/1316
NOTE: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34
More information about the Secure-testing-commits
mailing list