[Secure-testing-commits] r49428 - data/CVE

[Brian May]

Author: bam
Date: 2017-03-06 06:56:51 +0000 (Mon, 06 Mar 2017)
New Revision: 49428

Modified:
   data/CVE/list
Log:
Add link to upstream BTS for web2py issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-06 05:52:47 UTC (rev 49427)
+++ data/CVE/list	2017-03-06 06:56:51 UTC (rev 49428)
@@ -32560,10 +32560,13 @@
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
 CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...)
 	- web2py <unfixed> (bug #856127)
+	NOTE: https://github.com/web2py/web2py/issues/1585
 CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...)
 	- web2py <unfixed> (bug #856127)
+	NOTE: https://github.com/web2py/web2py/issues/1585
 CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...)
 	- web2py <unfixed> (bug #856127)
+	NOTE: https://github.com/web2py/web2py/issues/1585
 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
 	NOT-FOR-US: dotCMS
 CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...)