[Git][security-tracker-team/security-tracker][master] Clarify status for CVE-2016-5397/thrift

Salvatore Bonaccorso carnil at debian.org
Sun May 6 07:38:01 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94188622 by Salvatore Bonaccorso at 2018-05-06T08:37:25+02:00
Clarify status for CVE-2016-5397/thrift

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -93497,12 +93497,15 @@ CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Edit
 	NOT-FOR-US: JBoss BPMS
 CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code ...)
 	- thrift-compiler <unfixed> (unimportant; bug #894577)
-	- thrift <unfixed> (unimportant)
+	[experimental] - thrift 0.10.0-1 (unimportant)
 	NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
 	NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
 	NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
 	NOTE: src:thrift only present in experimental
 	NOTE: Go bindings only enabled in 0.9.3-2 (not yet in unstable)
+	NOTE: Only ever affected src:thrift in experimental, and fixed in src:thrift/0.10.0-1
+	NOTE: so any future upload of thrift to unstable can mark this item as <not-affected>
+	NOTE: (fixed before the initial upload to Debian unstable)
 CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
 	- trafficserver 7.0.0-1
 	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/941886229beb6464bb62e58c351900e541eaf9e2

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/941886229beb6464bb62e58c351900e541eaf9e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180506/ca87c99a/attachment.html>

More information about the debian-security-tracker-commits mailing list