[Secure-testing-commits] r51418 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon May 8 19:20:08 UTC 2017


Author: carnil
Date: 2017-05-08 19:20:08 +0000 (Mon, 08 May 2017)
New Revision: 51418

Modified:
   data/CVE/list
Log:
Update CVE-2017-4966/rabbitmq-server

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-08 18:50:54 UTC (rev 51417)
+++ data/CVE/list	2017-05-08 19:20:08 UTC (rev 51418)
@@ -11579,9 +11579,13 @@
 CVE-2017-4967
 	RESERVED
 	- rabbitmq-server <unfixed>
-CVE-2017-4966
+CVE-2017-4966 [authentication details are stored in browser-local storage without expiration]
 	RESERVED
 	- rabbitmq-server <unfixed>
+	[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
+	[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
+	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
+	NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
 CVE-2017-4965
 	RESERVED
 	- rabbitmq-server <unfixed>




More information about the Secure-testing-commits mailing list