[Git][security-tracker-team/security-tracker][master] Three curl CVEs were adressed in recent DLA

Tue, 06 Nov 2018 10:09:46 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b5a6165 by Salvatore Bonaccorso at 2018-11-06T18:08:34Z
Three curl CVEs were adressed in recent DLA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102212,7 +102212,6 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 
is vulnerable to an improper
 CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow 
when ...)
        {DLA-767-1}
        - curl 7.52.1-1 (bug #848958)
-       [jessie] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.haxx.se/docs/adv_20161221A.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
        NOTE: There are no known vulnerable applications but as this is a
@@ -110061,7 +110060,6 @@ CVE-2016-7168 (Cross-site scripting (XSS) 
vulnerability in the media_handle_uplo
 CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
        {DLA-625-1}
        - curl 7.51.0-1 (bug #837945)
-       [jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or 
next DSA)
        NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
        NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
        NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
@@ -110198,7 +110196,6 @@ CVE-2016-7135 (Directory traversal vulnerability in 
Plone CMS 5.x through 5.0.6
 CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
        {DLA-616-1}
        - curl 7.51.0-1 (bug #836918)
-       [jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or 
next DSA; affects only NSS backend)
        NOTE: Only affects libcurl3-nss
        NOTE: http://seclists.org/oss-sec/2016/q3/419
        NOTE: https://curl.haxx.se/docs/adv_20160907.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to