[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add four web2py issues
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 23 14:09:20 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1671216f by Salvatore Bonaccorso at 2018-02-23T15:09:00+01:00
Add four web2py issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -88834,7 +88834,7 @@ CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows l
- xen 4.8.0~rc3-1 (bug #823620)
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 2.14.2 ...)
- TODO: check
+ - web2py <unfixed>
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...)
- npm <unfixed> (bug #850322)
[jessie] - npm <no-dsa> (Minor issue)
@@ -88842,11 +88842,11 @@ CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Nod
NOTE: https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 (2.15.1)
NOTE: https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 (3.8.3)
CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the ...)
- TODO: check
+ - web2py <unfixed>
CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow remote ...)
- TODO: check
+ - web2py <unfixed>
CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows remote ...)
- TODO: check
+ - web2py <unfixed>
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.1-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1671216f3d500692fffe4eeae56d4a528797869a
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1671216f3d500692fffe4eeae56d4a528797869a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180223/cd13aa6d/attachment.html>
More information about the Secure-testing-commits
mailing list