Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5753c05 by Salvatore Bonaccorso at 2018-02-14T07:28:18+01:00
Add CVE-2016-5397/thrift-compiler
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -82444,7 +82444,13 @@ CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in
PHP before 5.5.38, 5.6.x
CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process
Editor in ...)
NOT-FOR-US: JBoss BPMS
CVE-2016-5397 (The Apache Thrift Go client library exposed the potential
during code ...)
- TODO: check
+ - thrift-compiler <unfixed>
+ - hhvm <unfixed>
+ NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
+ NOTE:
https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
+ NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1
is present
+ NOTE: src:thrift only present in experimental
+ TODO: check (hhvm embedds it, used?)
CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK
Bomb ...)
- trafficserver 7.0.0-1
[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5753c05a3473c7744b91504913f052fd1e3fe31
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5753c05a3473c7744b91504913f052fd1e3fe31
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
