[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 6 21:10:36 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1227c77 by security tracker role at 2018-02-06T21:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,213 @@
-CVE-2018-6758 [stack-based buffer overflow within uwsgi_expand_path]
+CVE-2018-6759 (The bfd_get_debug_link_info_1 function in opncls.c in the Binary File ...)
+ TODO: check
+CVE-2018-6757
+ RESERVED
+CVE-2018-6756
+ RESERVED
+CVE-2018-6755
+ RESERVED
+CVE-2018-6754
+ RESERVED
+CVE-2018-6753
+ RESERVED
+CVE-2018-6752
+ RESERVED
+CVE-2018-6751
+ RESERVED
+CVE-2018-6750
+ RESERVED
+CVE-2018-6749
+ RESERVED
+CVE-2018-6748
+ RESERVED
+CVE-2018-6747
+ RESERVED
+CVE-2018-6746
+ RESERVED
+CVE-2018-6745
+ RESERVED
+CVE-2018-6744
+ RESERVED
+CVE-2018-6743
+ RESERVED
+CVE-2018-6742
+ RESERVED
+CVE-2018-6741
+ RESERVED
+CVE-2018-6740
+ RESERVED
+CVE-2018-6739
+ RESERVED
+CVE-2018-6738
+ RESERVED
+CVE-2018-6737
+ RESERVED
+CVE-2018-6736
+ RESERVED
+CVE-2018-6735
+ RESERVED
+CVE-2018-6734
+ RESERVED
+CVE-2018-6733
+ RESERVED
+CVE-2018-6732
+ RESERVED
+CVE-2018-6731
+ RESERVED
+CVE-2018-6730
+ RESERVED
+CVE-2018-6729
+ RESERVED
+CVE-2018-6728
+ RESERVED
+CVE-2018-6727
+ RESERVED
+CVE-2018-6726
+ RESERVED
+CVE-2018-6725
+ RESERVED
+CVE-2018-6724
+ RESERVED
+CVE-2018-6723
+ RESERVED
+CVE-2018-6722
+ RESERVED
+CVE-2018-6721
+ RESERVED
+CVE-2018-6720
+ RESERVED
+CVE-2018-6719
+ RESERVED
+CVE-2018-6718
+ RESERVED
+CVE-2018-6717
+ RESERVED
+CVE-2018-6716
+ RESERVED
+CVE-2018-6715
+ RESERVED
+CVE-2018-6714
+ RESERVED
+CVE-2018-6713
+ RESERVED
+CVE-2018-6712
+ RESERVED
+CVE-2018-6711
+ RESERVED
+CVE-2018-6710
+ RESERVED
+CVE-2018-6709
+ RESERVED
+CVE-2018-6708
+ RESERVED
+CVE-2018-6707
+ RESERVED
+CVE-2018-6706
+ RESERVED
+CVE-2018-6705
+ RESERVED
+CVE-2018-6704
+ RESERVED
+CVE-2018-6703
+ RESERVED
+CVE-2018-6702
+ RESERVED
+CVE-2018-6701
+ RESERVED
+CVE-2018-6700
+ RESERVED
+CVE-2018-6699
+ RESERVED
+CVE-2018-6698
+ RESERVED
+CVE-2018-6697
+ RESERVED
+CVE-2018-6696
+ RESERVED
+CVE-2018-6695
+ RESERVED
+CVE-2018-6694
+ RESERVED
+CVE-2018-6693
+ RESERVED
+CVE-2018-6692
+ RESERVED
+CVE-2018-6691
+ RESERVED
+CVE-2018-6690
+ RESERVED
+CVE-2018-6689
+ RESERVED
+CVE-2018-6688
+ RESERVED
+CVE-2018-6687
+ RESERVED
+CVE-2018-6686
+ RESERVED
+CVE-2018-6685
+ RESERVED
+CVE-2018-6684
+ RESERVED
+CVE-2018-6683
+ RESERVED
+CVE-2018-6682
+ RESERVED
+CVE-2018-6681
+ RESERVED
+CVE-2018-6680
+ RESERVED
+CVE-2018-6679
+ RESERVED
+CVE-2018-6678
+ RESERVED
+CVE-2018-6677
+ RESERVED
+CVE-2018-6676
+ RESERVED
+CVE-2018-6675
+ RESERVED
+CVE-2018-6674
+ RESERVED
+CVE-2018-6673
+ RESERVED
+CVE-2018-6672
+ RESERVED
+CVE-2018-6671
+ RESERVED
+CVE-2018-6670
+ RESERVED
+CVE-2018-6669
+ RESERVED
+CVE-2018-6668
+ RESERVED
+CVE-2018-6667
+ RESERVED
+CVE-2018-6666
+ RESERVED
+CVE-2018-6665
+ RESERVED
+CVE-2018-6664
+ RESERVED
+CVE-2018-6663
+ RESERVED
+CVE-2018-6662
+ RESERVED
+CVE-2018-6661
+ RESERVED
+CVE-2018-6660
+ RESERVED
+CVE-2018-6659
+ RESERVED
+CVE-2018-6658
+ RESERVED
+CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through ...)
- uwsgi <unfixed> (bug #889753)
NOTE: http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
NOTE: https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
CVE-2018-6657
RESERVED
-CVE-2018-6656
- RESERVED
+CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...)
+ TODO: check
CVE-2018-6655
RESERVED
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
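Review bot: CVE-2018-6759 and CVE-2018-6656 are added with only "TODO: check", so neither has a disposition yet. The CVE-2018-6759 description names bfd_get_debug_link_info_1 in opncls.c, which should be checked against packaged source before the entry is marked either way; CVE-2018-6656 (Z-BlogPHP 1.5.1) needs either a package line or a NOT-FOR-US. The CVE-2018-6758 change only swaps the bracketed title for the official description; the "- uwsgi <unfixed> (bug #889753)" line and the two NOTEs stay in place under it.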
@@ -351,7 +553,7 @@ CVE-2018-6571
RESERVED
CVE-2018-6570
RESERVED
-CVE-2018-6569 (West Wind Web Server 6.x does not require autheentication for ...)
+CVE-2018-6569 (West Wind Web Server 6.x does not require authentication for ...)
NOT-FOR-US: West Wind Web Server
CVE-2018-6568
RESERVED
@@ -703,14 +905,14 @@ CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file
NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each ...)
NOT-FOR-US: Nibbleblog on macOS
-CVE-2018-6469
- RESERVED
-CVE-2018-6468
- RESERVED
-CVE-2018-6467
- RESERVED
-CVE-2018-6466
- RESERVED
+CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
+ TODO: check
+CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
+ TODO: check
+CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via ...)
+ TODO: check
+CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
+ TODO: check
CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...)
NOT-FOR-US: PropertyHive plugin for WordPress
CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)
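Review bot: CVE-2018-6469, CVE-2018-6468, CVE-2018-6467 and CVE-2018-6466 all concern flickrRSS (6467 names the flickrRSS plugin 5.3.1 for WordPress, the other three cite flickrRSS.php), yet each is left at "TODO: check" on its own. Triage them together with one disposition; the PropertyHive entry just below uses "NOT-FOR-US: PropertyHive plugin for WordPress", which is the form to follow if flickrRSS is not packaged.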
@@ -864,7 +1066,7 @@ CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for J
NOT-FOR-US: Visual Calendar component for Joomla!
CVE-2018-6394
RESERVED
-CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...)
+CVE-2018-6393 (FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow ...)
NOT-FOR-US: FreePBX
CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
- ffmpeg <unfixed>
@@ -875,8 +1077,8 @@ CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovere
NOT-FOR-US: Netis WF2419 V2.2.36123 devices
CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 ...)
NOT-FOR-US: Kingsoft WPS Office
-CVE-2018-6389
- RESERVED
+CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause a ...)
+ TODO: check
CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote ...)
NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded ...)
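Review bot: CVE-2018-6389 is described against WordPress itself (through 4.9.2, unauthenticated attackers), not against a plugin, so its "TODO: check" should not be closed the way the WordPress plugin entries in this list are closed with NOT-FOR-US. It needs a source package line and a severity assessment once the full description has been read.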
@@ -1185,14 +1387,14 @@ CVE-2018-6293
RESERVED
CVE-2018-6292
RESERVED
-CVE-2018-6291
- RESERVED
-CVE-2018-6290
- RESERVED
-CVE-2018-6289
- RESERVED
-CVE-2018-6288
- RESERVED
+CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway ...)
+ TODO: check
+CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway version ...)
+ TODO: check
+CVE-2018-6289 (Configuration file injection leading to Code Execution as Root in ...)
+ TODO: check
+CVE-2018-6288 (Cross-site Request Forgery leading to Administrative account takeover ...)
+ TODO: check
CVE-2018-6287
RESERVED
CVE-2018-6286
@@ -3284,8 +3486,8 @@ CVE-2018-5459
RESERVED
CVE-2018-5458
RESERVED
-CVE-2018-5457
- RESERVED
+CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire ...)
+ TODO: check
CVE-2018-5456
RESERVED
CVE-2018-5455
@@ -4776,11 +4978,10 @@ CVE-2018-4880
RESERVED
CVE-2018-4879
RESERVED
-CVE-2018-4878
- RESERVED
+CVE-2018-4878 (A use-after-free vulnerability was discovered in Adobe Flash Player ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2018-4877
- RESERVED
+CVE-2018-4877 (A use-after-free vulnerability was discovered in Adobe Flash Player ...)
+ TODO: check
CVE-2018-4876
RESERVED
CVE-2018-4875
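Review bot: CVE-2018-4877 is left at "TODO: check" while CVE-2018-4878 directly above it, with the same opening description (a use-after-free in Adobe Flash Player), carries "NOT-FOR-US: Adobe Flash Player". Unless the truncated part of the description names a different product, give CVE-2018-4877 the same NOT-FOR-US line so the pair is consistent.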
@@ -7210,8 +7411,8 @@ CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299
NOTE: https://code.wireshark.org/review/#/c/25063/
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50
-CVE-2017-17996
- RESERVED
+CVE-2017-17996 (A buffer overflow vulnerability in "Add command" functionality exists ...)
+ TODO: check
CVE-2017-17995 (Biometric Shift Employee Management System has XSS via the Last_Name ...)
NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17994 (Biometric Shift Employee Management System has XSS via the criteria ...)
@@ -13266,8 +13467,8 @@ CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x
NOTE: http://downloads.digium.com/pub/security/AST-2017-012.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27382
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27429
-CVE-2017-17663
- RESERVED
+CVE-2017-17663 (The htpasswd implementation of mini_httpd before v1.28 and of thttpd ...)
+ TODO: check
CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 ...)
NOT-FOR-US: Yawcam
CVE-2017-17661
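Review bot: CVE-2017-17663 covers two code bases in one entry, the htpasswd implementation of mini_httpd before v1.28 and that of thttpd, so its "TODO: check" has to be resolved per source. Add one line for each of the two that is packaged rather than a single disposition for the whole entry.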
@@ -13957,8 +14158,7 @@ CVE-2018-1301
RESERVED
CVE-2018-1300
RESERVED
-CVE-2018-1299
- RESERVED
+CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve ...)
NOT-FOR-US: Apache Allura
CVE-2018-1298
RESERVED
@@ -23519,8 +23719,7 @@ CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null
NOTE: https://review.gluster.org/18539 (release-3.10)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
NOTE: Fixed by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
-CVE-2017-15095 [Incomplete fixes for CVE-2017-7525]
- RESERVED
+CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in ...)
{DSA-4037-1}
- jackson-databind 2.9.1-1
NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
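Review bot: Dropping the bracketed title "[Incomplete fixes for CVE-2017-7525]" on CVE-2017-15095 removes the only link to CVE-2017-7525 visible in this hunk, and the replacement description, as truncated here, does not mention it. If no NOTE further down in the entry records the relationship, add one, for example "NOTE: Incomplete fix for CVE-2017-7525".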
@@ -46583,8 +46782,7 @@ CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key re
NOTE: For GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058598.html
NOTE: GnuPG: https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
NOTE: GnuPG1: https://dev.gnupg.org/D438
-CVE-2017-7525 [Deserialization vulnerability via readValue method of ObjectMapper]
- RESERVED
+CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, ...)
{DSA-4004-1}
- jackson-databind 2.9.1-1 (bug #870848)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
@@ -50717,8 +50915,8 @@ CVE-2017-6281
RESERVED
CVE-2017-6280
RESERVED
-CVE-2017-6279
- RESERVED
+CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
+ TODO: check
CVE-2017-6278
RESERVED
CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
@@ -50794,8 +50992,8 @@ CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
- nvidia-graphics-drivers-legacy-304xx <not-affected> (Limited to E384 and E375)
-CVE-2017-6258
- RESERVED
+CVE-2017-6258 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
+ TODO: check
CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
- nvidia-graphics-drivers 375.82-1 (bug #869783)
[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
@@ -50917,14 +51115,14 @@ CVE-2017-6203
RESERVED
CVE-2017-6202
RESERVED
-CVE-2017-6201
- RESERVED
-CVE-2017-6200
- RESERVED
-CVE-2017-6199
- RESERVED
-CVE-2017-6198
- RESERVED
+CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the install app ...)
+ TODO: check
+CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read any ...)
+ TODO: check
+CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization restriction ...)
+ TODO: check
+CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the resource ...)
+ TODO: check
CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 ...)
{DLA-837-1}
- radare2 1.1.0+dfsg-2 (bug #856063)
@@ -50999,8 +51197,8 @@ CVE-2017-6171
RESERVED
CVE-2017-6170
RESERVED
-CVE-2017-6169
- RESERVED
+CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP ...)
+ TODO: check
CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
NOT-FOR-US: F5 BIG-IP
NOTE: https://support.f5.com/csp/article/K21905460
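Review bot: CVE-2017-6169 is added as "TODO: check" although its description names an F5 BIG-IP and the next entry, CVE-2017-6168, is already "NOT-FOR-US: F5 BIG-IP". Use the same NOT-FOR-US line here.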
@@ -61981,7 +62179,7 @@ CVE-2017-2621 [/var/log/heat/ is world readable]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo]
RESERVED
- {DLA-845-1 DLA-842-1}
+ {DLA-1270-1 DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (bug #855791)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -67429,6 +67627,7 @@ CVE-2017-0306 (An elevation of privilege vulnerability in the NVIDIA GPU driver
CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary "listguests64" is ...)
NOT-FOR-US: BMC Patrol
CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when qemu ...)
+ {DLA-1270-1}
- qemu <not-affected> (Vulnerability specific to Xen)
- qemu-kvm <not-affected> (Vulnerability specific to Xen)
- xen 4.4.0-1
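Review bot: The "{DLA-1270-1}" added to CVE-2016-9637 can only refer to xen, because the qemu and qemu-kvm lines under it are both "<not-affected> (Vulnerability specific to Xen)". Confirm that the DLA-1270-1 record is filed against xen, so the cross-reference does not read as a qemu fix.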
@@ -67480,7 +67679,7 @@ CVE-2016-9604
NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
RESERVED
- {DLA-1035-1 DLA-939-1}
+ {DLA-1270-1 DLA-1035-1 DLA-939-1}
- qemu 1:2.8+dfsg-4 (bug #857744)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -74941,8 +75140,8 @@ CVE-2016-7395 (SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89
{DSA-3667-1}
- chromium-browser 53.0.2785.92-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-7394
- RESERVED
+CVE-2016-7394 (tiki wiki cms groupware <=15.2 has a xss vulnerability, allow ...)
+ TODO: check
CVE-2016-7391 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
NOT-FOR-US: Nvidia Windows driver
CVE-2016-7390 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
@@ -76648,8 +76847,8 @@ CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy
[jessie] - groovy 1.8.6-4+deb8u2
- groovy2 <removed>
[jessie] - groovy2 2.2.2+dfsg-3+deb8u2
-CVE-2016-6813
- RESERVED
+CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call ...)
+ TODO: check
CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x ...)
NOT-FOR-US: Apache CXF
CVE-2016-6811
@@ -86661,20 +86860,20 @@ CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows l
{DSA-3554-1 DLA-571-1}
- xen 4.8.0~rc3-1 (bug #823620)
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
-CVE-2016-3957
- RESERVED
+CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 2.14.2 ...)
+ TODO: check
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...)
- npm <unfixed> (bug #850322)
[jessie] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/npm/issues/8380
NOTE: https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 (2.15.1)
NOTE: https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 (3.8.3)
-CVE-2016-3954
- RESERVED
-CVE-2016-3953
- RESERVED
-CVE-2016-3952
- RESERVED
+CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow remote ...)
+ TODO: check
+CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows remote ...)
+ TODO: check
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.1-1
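Review bot: The four new web2py entries do not share a fixed version: CVE-2016-3957, CVE-2016-3954 and CVE-2016-3953 say before 2.14.2, while CVE-2016-3952 says before 2.14.1 and is limited to the standalone version. When the "TODO: check" lines are resolved, set each fixed version separately, and check whether the standalone-only condition of CVE-2016-3952 and the sample web application named in CVE-2016-3953 apply to a packaged install at all.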
@@ -111104,8 +111303,8 @@ CVE-2015-4402
RESERVED
CVE-2015-4401
RESERVED
-CVE-2015-4400
- RESERVED
+CVE-2015-4400 (Ring (formerly DoorBot) video doorbells allow remote attackers to ...)
+ TODO: check
CVE-2015-4399
RESERVED
CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) module ...)
@@ -113277,10 +113476,10 @@ CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central ...
NOT-FOR-US: SAP ECC
CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
NOT-FOR-US: Fortinet FortiAnalyzer
-CVE-2015-3619
- RESERVED
-CVE-2015-3618
- RESERVED
+CVE-2015-3619 (Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in ...)
+ TODO: check
+CVE-2015-3618 (Cross-site scripting (XSS) vulnerability in Nagios Business Process ...)
+ TODO: check
CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow ...)
NOT-FOR-US: Fortinet
CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x before ...)
@@ -135546,16 +135745,13 @@ CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with
- ossec-hids <itp> (bug #361954)
CVE-2014-5283
RESERVED
-CVE-2014-5282 [Tagging image to ID can redirect images on subsequent pulls]
- RESERVED
+CVE-2014-5282 (Docker before 1.3 does not properly validate image IDs, which allows ...)
- docker.io 1.3.0~dfsg1-1
CVE-2014-5281
RESERVED
-CVE-2014-5280 [Cross-site request forgery attack possible against Docker daemon]
- RESERVED
+CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct cross-site ...)
NOT-FOR-US: boot2docker
-CVE-2014-5279 [boot2docker allows privilege escalation from children containers]
- RESERVED
+CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier improperly ...)
NOT-FOR-US: boot2docker
CVE-2014-5278
RESERVED
@@ -157616,8 +157812,7 @@ CVE-2013-4318
RESERVED
NOT-FOR-US: Ruby gem Features
NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
-CVE-2013-4317
- RESERVED
+CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API ...)
NOT-FOR-US: CloudStack
CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1227c77ae695d21493e4b64f30f2fd163e49ba8