[Secure-testing-commits] r48074 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jan 15 10:11:18 UTC 2017
Author: carnil
Date: 2017-01-15 10:11:18 +0000 (Sun, 15 Jan 2017)
New Revision: 48074
Modified:
data/CVE/list
Log:
Add notes for Moodle issues as commented by upstream
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-15 09:23:16 UTC (rev 48073)
+++ data/CVE/list 2017-01-15 10:11:18 UTC (rev 48074)
@@ -13647,10 +13647,16 @@
NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before ...)
- moodle <unfixed> (low; bug #851405)
+ NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
+ NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension support ...)
- moodle <unfixed> (low; bug #851405)
+ NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
+ NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9186 (Unrestricted file upload vulnerability in the "legacy course files" and ...)
- moodle <unfixed> (low; bug #851405)
+ NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
+ NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local URL an ...)
- heat 1:7.0.0-2 (bug #843232)
[jessie] - heat <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list