[Secure-testing-commits] r53478 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 13 21:49:46 UTC 2017


Author: carnil
Date: 2017-07-13 21:49:46 +0000 (Thu, 13 Jul 2017)
New Revision: 53478

Modified:
   data/CVE/list
Log:
Add note and todo for roundcube entry

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-13 21:42:36 UTC (rev 53477)
+++ data/CVE/list	2017-07-13 21:49:46 UTC (rev 53478)
@@ -475,7 +475,9 @@
 CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs ...)
 	TODO: check
 CVE-2017-1000049 (Roundcube Webmail 1.1.5 is vulnerable to Persistent Xss ...)
-	TODO: check
+	- roundcube <undetermined>
+	NOTE: https://github.com/roundcube/roundcubemail/issues/4949
+	TODO: check if different from CVE-2015-2181
 CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...)
 	TODO: check
 CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in ...)




More information about the Secure-testing-commits mailing list