[Git][security-tracker-team/security-tracker][master] Clarify status for CVE-2016-5397/thrift
Salvatore Bonaccorso
carnil at debian.org
Sun May 6 07:38:01 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
94188622 by Salvatore Bonaccorso at 2018-05-06T08:37:25+02:00
Clarify status for CVE-2016-5397/thrift
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -93497,12 +93497,15 @@ CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Edit
NOT-FOR-US: JBoss BPMS
CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code ...)
- thrift-compiler <unfixed> (unimportant; bug #894577)
- - thrift <unfixed> (unimportant)
+ [experimental] - thrift 0.10.0-1 (unimportant)
NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
NOTE: src:thrift only present in experimental
NOTE: Go bindings only enabled in 0.9.3-2 (not yet in unstable)
+ NOTE: Only ever affected src:thrift in experimental, and fixed in src:thrift/0.10.0-1
+ NOTE: so any future upload of thrift to unstable can mark this item as <not-affected>
+ NOTE: (fixed before the initial upload to Debian unstable)
CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
- trafficserver 7.0.0-1
[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/941886229beb6464bb62e58c351900e541eaf9e2
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/941886229beb6464bb62e58c351900e541eaf9e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180506/ca87c99a/attachment.html>
More information about the debian-security-tracker-commits
mailing list