Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b5a6165 by Salvatore Bonaccorso at 2018-11-06T18:08:34Z
Three curl CVEs were addressed in recent DLA

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -102212,7 +102212,6 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...) {DLA-767-1} - curl 7.52.1-1 (bug #848958) - [jessie] - curl <no-dsa> (Minor issue) NOTE: https://curl.haxx.se/docs/adv_20161221A.html NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9 NOTE: There are no known vulnerable applications but as this is a @@ -110061,7 +110060,6 @@ CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_uplo CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...) {DLA-625-1} - curl 7.51.0-1 (bug #837945) - [jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA) NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
@@ -110198,7 +110196,6 @@ CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...) {DLA-616-1} - curl 7.51.0-1 (bug #836918) - [jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA; affects only NSS backend) NOTE: Only affects libcurl3-nss NOTE: http://seclists.org/oss-sec/2016/q3/419 NOTE: https://curl.haxx.se/docs/adv_20160907.html

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e
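
Review bot: In the CVE-2016-9586 hunk, the DLA that justifies dropping "[jessie] - curl <no-dsa> (Minor issue)" cannot be identified from the change. The commit message refers to a single "recent DLA", while the three touched entries carry three different cross-references ({DLA-767-1} here, {DLA-625-1} and {DLA-616-1} in the later hunks). Name the advisory in the commit message so the removal can be checked against it.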
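
Review bot: In the CVE-2016-7167 hunk, removing the "[jessie]" line leaves "- curl 7.51.0-1" as the entry's only version statement, so jessie's status now rests entirely on the DLA's own record supplying a jessie fixed version. The retained note gives the affected range as libcurl 7.11.1 up to and including 7.50.2, so it is worth checking how the tracker reports jessie for this CVE once the change is live.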
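
Review bot: For the CVE-2016-7141 hunk, confirm that the recent DLA actually covers the NSS flavour before treating jessie as resolved. The removed line stated "affects only NSS backend" and the retained "NOTE: Only affects libcurl3-nss" says the same, so the fix only matters for that build. The scope information itself is not lost, since the NOTE stays.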