[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] remove TOOD for thrift copy in HHVM, not relevant here
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 14 21:58:12 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
518d9e80 by Moritz Muehlenhoff at 2018-02-14T22:57:49+01:00
remove TOOD for thrift copy in HHVM, not relevant here
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -82661,12 +82661,10 @@ CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Edit
NOT-FOR-US: JBoss BPMS
CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code ...)
- thrift-compiler <unfixed>
- - hhvm <unfixed>
NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
NOTE: src:thrift only present in experimental
- TODO: check (hhvm embedds it, used?)
CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
- trafficserver 7.0.0-1
[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/518d9e80209f0a93efe466835ae7f9a401a7fda8
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/518d9e80209f0a93efe466835ae7f9a401a7fda8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180214/0be6b239/attachment.html>
More information about the Secure-testing-commits
mailing list