[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1000420/syncthing
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 6 22:48:10 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73addc9f by Salvatore Bonaccorso at 2018-01-06T23:10:45+01:00
Add CVE-2017-1000420/syncthing
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3098,7 +3098,10 @@ CVE-2017-1000421 (Gifsicle gifview 1.89 and older is vulnerable to a use-after-f
NOTE: https://github.com/kohler/gifsicle/issues/114
NOTE: https://github.com/kohler/gifsicle/commit/81fd7823f6d9c85ab598bc850e40382068361185
CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink traversal ...)
- TODO: check
+ - syncthing 0.14.36+ds1-1
+ NOTE: https://github.com/syncthing/syncthing/commit/1f09488a0f1fdca07076b007b9789f23a6df1060 (v0.14.34)
+ NOTE: https://github.com/syncthing/syncthing/commit/a0f771c221f6ef18fcc496e736670d85f36b8dec
+ NOTE: https://github.com/syncthing/syncthing/issues/4286
CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar ...)
- phpbb3 <removed>
CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73addc9f9ca32a37b84935ef9649f87609fdc782
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73addc9f9ca32a37b84935ef9649f87609fdc782
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180106/dd67e6d5/attachment.html>
More information about the Secure-testing-commits
mailing list