[Git][security-tracker-team/security-tracker][master] Update status for CVE-2016-6345

Sat Dec 4 16:40:52 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0cf8fed2 by Salvatore Bonaccorso at 2021-12-04T17:39:14+01:00
Update status for CVE-2016-6345

Note for reviewer: this is actually not so clear, the Red Hat bugreport
does not provide other references, but indicates that it is fixed in
3.1.0.RC1 and 3.0.20.Final. mark it for now as such as an exception :-/

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -318278,9 +318278,10 @@ CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers t
 	NOTE: https://issues.jboss.org/browse/RESTEASY-1484 (not public)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372120
 CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...)
-	- resteasy <unfixed> (low; bug #837170)
+	- resteasy 3.1.0-1 (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
-	- resteasy3.0 <undetermined>
+	- resteasy3.0 3.0.26-1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372117
 CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a  ...)
 	NOT-FOR-US: Red Hat JBoss bpm Suite
 CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cf8fed2090aa50d35e9e09f21c733352ffb984a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cf8fed2090aa50d35e9e09f21c733352ffb984a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211204/e861cabf/attachment.htm>
