[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] web2py removed
Moritz Muehlenhoff
jmm at debian.org
Wed Mar 21 17:38:02 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d078875 by Moritz Muehlenhoff at 2018-03-21T18:37:38+01:00
web2py removed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -90599,25 +90599,25 @@ CVE-2016-4809 (The archive_read_format_cpio_read_header function in ...)
NOTE: https://github.com/libarchive/libarchive/issues/705
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
CVE-2016-10321 (web2py before 2.14.6 does not properly check if a host is denied before ...)
- - web2py <unfixed> (bug #860038)
+ - web2py <removed> (bug #860038)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
NOTE: https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426
CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...)
- - web2py <unfixed> (bug #856127)
+ - web2py <removed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585
NOTE: https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...)
- - web2py <unfixed> (bug #856127)
+ - web2py <removed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585
NOTE: https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1
CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...)
- - web2py <unfixed> (bug #856127)
+ - web2py <removed> (bug #856127)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585
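Review bot: the commit message "web2py removed" does not say where the removal is recorded, and the four changed lines for CVE-2016-10321, CVE-2016-4808, CVE-2016-4807 and CVE-2016-4806 keep only the original vulnerability bugs (#860038, #856127). Consider referencing the removal request in the commit message so the switch from `<unfixed>` to `<removed>` can be audited later. The `[jessie]` and `[wheezy]` `<no-dsa>` lines are correctly left untouched, so those releases stay triaged as before.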
@@ -93122,7 +93122,7 @@ CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows l
- xen 4.8.0~rc3-1 (bug #823620)
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 2.14.2 ...)
- - web2py <unfixed> (bug #891220)
+ - web2py <removed> (bug #891220)
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...)
- npm <unfixed> (bug #850322)
[jessie] - npm <no-dsa> (Minor issue)
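Review bot: the CVE-2016-3957 entry ends up with only the unversioned `web2py <removed> (bug #891220)` line and, unlike the web2py entries in the first hunk, has no `[jessie]` or `[wheezy]` line. If those releases still ship web2py, the entry should get an explicit per-release status (for example the same `<no-dsa>` wording or a `<not-affected>` with a reason) rather than relying on the unversioned line alone.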
@@ -93130,11 +93130,11 @@ CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Nod
NOTE: https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 (2.15.1)
NOTE: https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 (3.8.3)
CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the ...)
- - web2py <unfixed> (bug #891220)
+ - web2py <removed> (bug #891220)
CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow remote ...)
- - web2py <unfixed> (bug #891220)
+ - web2py <removed> (bug #891220)
CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows remote ...)
- - web2py <unfixed> (bug #891220)
+ - web2py <removed> (bug #891220)
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.1-1
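Review bot: CVE-2016-3954, CVE-2016-3953 and CVE-2016-3952 all point at bug #891220 and carry no `NOTE:` lines, although their descriptions name the fixed upstream versions (2.14.2 and 2.14.1). Now that the unversioned status is `<removed>`, adding the upstream fix references as `NOTE:` lines would keep the information needed to triage any release that still carries the package, as is done for the web2py entries around CVE-2016-4808.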
@@ -157352,7 +157352,7 @@ CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and
CVE-2013-6838 (An unspecified Enghouse Interactive Professional Services "addon ...)
NOT-FOR-US: IVR Pro/Contact Center (VIP2000)
CVE-2013-6837 (Cross-site scripting (XSS) vulnerability in the setTimeout function in ...)
- - web2py <unfixed> (unimportant)
+ - web2py <removed> (unimportant)
NOTE: python-web2py contains /usr/share/web2py/applications/examples/static/js/jquery.prettyPhoto.js
NOTE: Only an example code
CVE-2013-6836 (Heap-based buffer overflow in the ms_escher_get_data function in ...)
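Review bot: in the CVE-2013-6837 entry the status line names the source package `web2py` while the following `NOTE:` refers to `python-web2py`. Since the line is being touched anyway, it would help to make the note state that the file is an embedded copy of jquery.prettyPhoto.js shipped in the examples application of the web2py source package, so the `(unimportant)` rating remains self-explanatory after the removal.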
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d078875b1df4ac2fa1011208df93563f545aa78