[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] thrift unimportant

Mon Apr 2 12:13:39 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee12b179 by Moritz Muehlenhoff at 2018-04-02T13:11:11+02:00
thrift unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -88897,11 +88897,13 @@ CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x 
 CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Editor in ...)
 	NOT-FOR-US: JBoss BPMS
 CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code ...)
-	- thrift-compiler <unfixed>
+	- thrift-compiler <unfixed> (unimportant)
+	- thrift <unfixed> (unimportant)
 	NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
 	NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
 	NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
 	NOTE: src:thrift only present in experimental
+	NOTE: Go bindings only enabled in 0.9.3-2 (not yet in unstable)
 CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
 	- trafficserver 7.0.0-1
 	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee12b1797f1b996b6f8b7ece494d390dbc29853b

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee12b1797f1b996b6f8b7ece494d390dbc29853b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180402/d6066fd8/attachment.html>
