[Secure-testing-commits] r56010 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 22 10:19:39 UTC 2017
Author: carnil
Date: 2017-09-22 10:19:39 +0000 (Fri, 22 Sep 2017)
New Revision: 56010
Modified:
data/CVE/list
Log:
Add libstruts1.2-java CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-22 10:19:29 UTC (rev 56009)
+++ data/CVE/list 2017-09-22 10:19:39 UTC (rev 56010)
@@ -43980,7 +43980,8 @@
CVE-2016-8739 (The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to ...)
NOT-FOR-US: Apache CXF
CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows entering ...)
- TODO: check
+ - libstruts1.2-java <removed>
+ NOTE: https://struts.apache.org/docs/s2-044.html
CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
NOT-FOR-US: Apache Brooklyn
CVE-2016-8736
@@ -50297,7 +50298,8 @@
NOTE: Fixed by: http://svn.apache.org/r1758495 (7.0.x)
NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is ...)
- TODO: check
+ - libstruts1.2-java <removed>
+ NOTE: https://struts.apache.org/docs/s2-042.html
CVE-2016-6794 (When a SecurityManager is configured, a web application's ability to ...)
{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
- tomcat8 8.0.37-1 (low)
More information about the Secure-testing-commits
mailing list