[Secure-testing-commits] r56898 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Oct 20 21:11:35 UTC 2017


Author: carnil
Date: 2017-10-20 21:11:35 +0000 (Fri, 20 Oct 2017)
New Revision: 56898

Modified:
   data/CVE/list
Log:
Add resteasy3.0 source package names, unfortunately we have now resteasy and resteasy3.0

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-20 21:10:31 UTC (rev 56897)
+++ data/CVE/list	2017-10-20 21:11:35 UTC (rev 56898)
@@ -23462,6 +23462,7 @@
 CVE-2017-7561 (Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is ...)
 	- resteasy <unfixed> (bug #873392)
 	[jessie] - resteasy <not-affected> (CORS Filter added in 3.0.7.Final)
+	- resteasy3.0 <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483823
 	NOTE: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
 	NOTE: Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
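Review bot: the added `- resteasy3.0 <undetermined>` line under CVE-2017-7561 leaves the status open although the entry already holds what is needed to settle it: the jessie line records that the CORS Filter was added in 3.0.7.Final, and the last NOTE links the fixing commit 517db971d8f7094124416bf72091fd0b45a13028. Checking the resteasy3.0 source for that commit would let this line become `<unfixed>` or a fixed version. Until that is done, a NOTE saying the commit has not yet been compared against resteasy3.0 would tell the next reader what remains.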
@@ -44287,6 +44288,7 @@
 	RESERVED
 	- resteasy <unfixed> (bug #851430)
 	[jessie] - resteasy <no-dsa> (Minor issue)
+	- resteasy3.0 <undetermined>
 CVE-2016-9605 [Cross site scripting in profile page]
 	RESERVED
 	- cobbler <unfixed> (bug #858844)
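Review bot: the added `- resteasy3.0 <undetermined>` line closes an entry that is still RESERVED and has no NOTE lines, so the only pointer to the issue is bug #851430 on the resteasy line, and nothing in the entry says what to check to resolve the new status. Adding a NOTE with the upstream reference taken from that bug would make the follow-up possible from the list alone.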
@@ -52875,6 +52877,7 @@
 CVE-2016-7050 (SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop ...)
 	- resteasy 3.0.18-1
 	[jessie] - resteasy <no-dsa> (Minor issue)
+	- resteasy3.0 <not-affected> (Fixed before initial release to Debian)
 	NOTE: The SerializableProvider has been disabled by default in 3.0.17
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378613
 CVE-2016-7049
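Review bot: the reason on the added line, `(Fixed before initial release to Debian)`, does not name the resteasy3.0 version that was first uploaded, so it cannot be checked against the NOTE that SerializableProvider is disabled by default in 3.0.17 or against the 3.0.18-1 fix recorded for resteasy. Stating the first uploaded version in the parenthetical would make the claim verifiable from the entry itself.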
@@ -55048,15 +55051,19 @@
 CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ...)
 	- resteasy <unfixed> (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
+	- resteasy3.0 <undetermined>
 CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception ...)
 	- resteasy <unfixed> (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
+	- resteasy3.0 <undetermined>
 CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to ...)
 	- resteasy <unfixed> (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
+	- resteasy3.0 <undetermined>
 CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive ...)
 	- resteasy <unfixed> (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
+	- resteasy3.0 <undetermined>
 CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a ...)
 	NOT-FOR-US: Red Hat JBoss bpm Suite
 CVE-2016-6343
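Review bot: the four added `- resteasy3.0 <undetermined>` lines (CVE-2016-6348, -6347, -6346, -6345) carry neither the `low` severity nor a bug reference, while every neighbouring resteasy line points at bug #837170. With two source packages now tracked side by side, each status change has to be made twice, and nothing ties the resteasy3.0 lines to a report where the triage can be followed. Once the status is determined, a bug reference for resteasy3.0 (or a NOTE saying #837170 covers both packages) would keep the pairs from drifting apart.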



