[Git][security-tracker-team/security-tracker][master] Update status for CVE-2016-1566/guacamole-client

Salvatore Bonaccorso carnil at debian.org
Sat Oct 10 18:46:23 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33919ab8 by Salvatore Bonaccorso at 2020-10-10T19:44:12+02:00
Update status for CVE-2016-1566/guacamole-client

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -253717,11 +253717,11 @@ CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer asso
 	NOTE: Fix for 2.x http://git.tuxfamily.org/chrony/chrony.git/commit/?id=a78bf9725a7b481ebff0e0c321294ba767f2c1d8
 	NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
 CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in Guacam ...)
-	- guacamole-client <unfixed> (bug #859136)
-	[stretch] - guacamole-client <no-dsa> (Minor issue)
-	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
+	- guacamole-client <not-affected> (Vulnerable code never present in released Debian version, cf #859136)
 	- guacamole <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://github.com/glyptodon/guacamole-client/commit/7da13129c432d1c0a577342a9bf23ca2bde9c367
+	NOTE: The Debian released versions never contained the broken code in guacFileBrowser.js
+	NOTE: in a released version.
 CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module 7.x ...)
 	NOT-FOR-US: Field Group module for Drupal
 CVE-2015-8768 (click/install.py in click does not require files in package filesystem ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33919ab816f2d80e4a5b2234a75f4309ef9f7e53

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33919ab816f2d80e4a5b2234a75f4309ef9f7e53
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201010/ebfd6823/attachment.html>

More information about the debian-security-tracker-commits mailing list