[Secure-testing-commits] r53691 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 20 05:53:56 UTC 2017
Author: carnil
Date: 2017-07-20 05:53:56 +0000 (Thu, 20 Jul 2017)
New Revision: 53691
Modified:
data/CVE/list
Log:
Two new glpi issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-20 05:53:40 UTC (rev 53690)
+++ data/CVE/list 2017-07-20 05:53:56 UTC (rev 53691)
@@ -38234,13 +38234,15 @@
NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
NOTE: found.
CVE-2016-7509 (Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/issues/1047
NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
NOT-FOR-US: MuJS
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of ...)
More information about the Secure-testing-commits
mailing list