Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0c5fddd1 by Salvatore Bonaccorso at 2018-09-20T18:36:55Z Update status for CVE-2016-7965 Upstream considers this not a vulnerability and the issue itself can be adressed by properly configure dokuwiki as per https://github.com/splitbrain/dokuwiki/issues/1709 . As such enought to demote severity to unimportant. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -103096,10 +103096,10 @@ CVE-2016-7966 (Through a malicious URL that contained a quote character it was . - kcoreaddons 5.26.0-3 (bug #840547) NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...) - - dokuwiki <unfixed> (bug #844732) - [jessie] - dokuwiki <no-dsa> (Minor issue) - [wheezy] - dokuwiki <no-dsa> (Minor issue) + - dokuwiki <unfixed> (bug #844732; unimportant) NOTE: https://github.com/splitbrain/dokuwiki/issues/1709 + NOTE: Can be adresesd by properly configure dokuwiki as per + NOTE: https://github.com/splitbrain/dokuwiki/issues/1709#issuecomment-262337572 CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...) - dokuwiki <unfixed> (bug #844731) [jessie] - dokuwiki <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c5fddd187688dcfc0faff169987eb69082e1bb9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c5fddd187688dcfc0faff169987eb69082e1bb9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
