[Secure-testing-commits] r48295 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 23 05:37:36 UTC 2017
Author: carnil
Date: 2017-01-23 05:37:36 +0000 (Mon, 23 Jan 2017)
New Revision: 48295
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2016-2087
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-23 05:20:26 UTC (rev 48294)
+++ data/CVE/list 2017-01-23 05:37:36 UTC (rev 48295)
@@ -37918,11 +37918,13 @@
- bind9 <not-affected> (Introduced in Bind 9.10)
NOTE: https://kb.isc.org/article/AA-01351
CVE-2016-2087 (Directory traversal vulnerability in the client in HexChat 2.11.0 ...)
- - hexchat <unfixed>
+ - hexchat <unfixed> (bug #852275)
[jessie] - hexchat <no-dsa> (Minor issue)
NOTE: https://www.exploit-db.com/exploits/39656/
NOTE: https://github.com/hexchat/hexchat/issues/1933
NOTE: https://github.com/hexchat/hexchat/commit/15600f405f2d5bda6ccf0dd73957395716e0d4d3
+ NOTE: Would be included in upstream source since the upload 2.12.3-0.1 to unstable but the
+ NOTE: Debian packaging reverts the 15600f405f2d5bda6ccf0dd73957395716e0d4d3 commit
CVE-2016-2086 (Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before ...)
- nodejs 4.3.0~dfsg-1 (unimportant)
NOTE: libv8 is not covered by security support
More information about the Secure-testing-commits
mailing list