[Git][security-tracker-team/security-tracker][master] Three curl CVEs were addressed in recent DLA

Salvatore Bonaccorso carnil at debian.org
Tue Nov 6 18:08:55 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b5a6165 by Salvatore Bonaccorso at 2018-11-06T18:08:34Z
Three curl CVEs were addressed in recent DLA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102212,7 +102212,6 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper
 CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...)
 	{DLA-767-1}
 	- curl 7.52.1-1 (bug #848958)
-	[jessie] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.haxx.se/docs/adv_20161221A.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
 	NOTE: There are no known vulnerable applications but as this is a
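Review bot: Nothing in this hunk identifies the DLA that justifies dropping the jessie entry for CVE-2016-9586. The `{DLA-767-1}` tag is an unchanged context line, so it was already present while jessie was still marked `<no-dsa>`, and the commit message only says "recent DLA". Suggest naming the DLA id in the commit message and confirming that the advisory's own entry lists this CVE with a jessie fixed version, since after this removal no line here records jessie's status separately from `- curl 7.52.1-1 (bug #848958)`.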
@@ -110061,7 +110060,6 @@ CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_uplo
 CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
 	{DLA-625-1}
 	- curl 7.51.0-1 (bug #837945)
-	[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA)
 	NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
 	NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
 	NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
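Review bot: The removed line for CVE-2016-7167 held the triage rationale ("Minor issue, can be fixed in point release or next DSA") and nothing in the hunk records how that deferral was resolved. The only version left in the entry is `- curl 7.51.0-1 (bug #837945)`, so please check that the jessie fix version is recorded with the DLA and that the jessie package falls inside the range given in `NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2`. Without a suite-specific fixed version, jessie would be judged against 7.51.0-1 alone.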
@@ -110198,7 +110196,6 @@ CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6
 CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
 	{DLA-616-1}
 	- curl 7.51.0-1 (bug #836918)
-	[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA; affects only NSS backend)
 	NOTE: Only affects libcurl3-nss
 	NOTE: http://seclists.org/oss-sec/2016/q3/419
 	NOTE: https://curl.haxx.se/docs/adv_20160907.html
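Review bot: For CVE-2016-7141 the fix only matters for the NSS build (`NOTE: Only affects libcurl3-nss`), so before dropping the jessie `<no-dsa>` line it is worth confirming that the DLA changelog names this CVE explicitly and not just the other two curl issues from this commit. The "affects only NSS backend" qualifier lost with the removed line is still covered by that NOTE, so no replacement text is needed in the entry itself.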



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e
