[Secure-testing-commits] r47724 - data/CVE
Thijs Kinkhorst
thijs at moszumanska.debian.org
Wed Jan 4 17:43:57 UTC 2017
Author: thijs
Date: 2017-01-04 17:43:57 +0000 (Wed, 04 Jan 2017)
New Revision: 47724
Modified:
data/CVE/list
Log:
CVE-2016-10034 affects zend 1.x, at least same code is present
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-04 17:41:21 UTC (rev 47723)
+++ data/CVE/list 2017-01-04 17:43:57 UTC (rev 47724)
@@ -2621,11 +2621,10 @@
CVE-2016-10035
RESERVED
CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail ...)
- - zendframework <undetermined>
+ - zendframework <unfixed>
NOTE: https://framework.zend.com/security/advisory/ZF2016-04
NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
- TODO: check if 1.x series is affected as well
CVE-2014-9914
RESERVED
CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20, when the Sender ...)
More information about the Secure-testing-commits
mailing list