[Secure-testing-commits] r49166 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Fri Feb 24 05:51:57 UTC 2017
Author: apo
Date: 2017-02-24 05:51:56 +0000 (Fri, 24 Feb 2017)
New Revision: 49166
Modified:
data/CVE/list
Log:
CVE-2016-4793,cakephp: Add notes and link to patch.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-24 05:48:40 UTC (rev 49165)
+++ data/CVE/list 2017-02-24 05:51:56 UTC (rev 49166)
@@ -31864,6 +31864,9 @@
RESERVED
CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote ...)
- cakephp 2.8.3-1
+ NOTE: http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
+ NOTE: https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
+ NOTE: Fixed by https://github.com/cakephp/cakephp/commit/48af49ddde16c8b99edb701f1c31283455b2b0b6
CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 8.2 ...)
More information about the Secure-testing-commits
mailing list