[Secure-testing-commits] r53504 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Sat Jul 15 09:18:57 UTC 2017
Author: hertzog
Date: 2017-07-15 09:18:56 +0000 (Sat, 15 Jul 2017)
New Revision: 53504
Modified:
data/CVE/list
Log:
Mark CVE-2017-1000071 as no-dsa on wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-15 07:04:43 UTC (rev 53503)
+++ data/CVE/list 2017-07-15 09:18:56 UTC (rev 53504)
@@ -482,6 +482,9 @@
NOT-FOR-US: Creolabs Gravity
CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass ...)
- php-cas <unfixed>
+ [wheezy] - php-cas <no-dsa> (Minor issue, only works with old CAS server)
+ NOTE: The vulnerability only exists when the server is affected by
+ NOTE: another very old vulnerability fixed in 2010.
CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an ...)
NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...)
More information about the Secure-testing-commits
mailing list