Author: jmm Date: 2016-03-21 07:23:52 +0000 (Mon, 21 Mar 2016) New Revision: 40492
Modified: data/CVE/list Log: new moodle issues drop openssl entry, not treated as a security issue by upstream Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-03-21 05:24:30 UTC (rev 40491) +++ data/CVE/list 2016-03-21 07:23:52 UTC (rev 40492) @@ -1,6 +1,3 @@ -CVE-2012-XXXX [openssl: buffer overflow] - - openssl 1.0.2g-1 (bug #675436) - NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca CVE-2016-3615 RESERVED CVE-2016-3614 @@ -3852,8 +3849,6 @@ NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f NOTE: all versions vulnerable, backport required for wheezy -CVE-2016-XXXX [simpleid: passwords are stored as MD5] - - simpleid <unfixed> (bug #813611) CVE-2015-8807 [XSS in Horde_Core_VarRenderer_Html] RESERVED {DSA-3496-1} @@ -3993,10 +3988,12 @@ RESERVED CVE-2016-2153 RESERVED -CVE-2016-2152 +CVE-2016-2152 [MSA-16-0004: XSS from profile fields from external db] RESERVED -CVE-2016-2151 + - moodle <unfixed> +CVE-2016-2151 [MSA-16-0003: Incorrect capability check when displaying users emails in Participants list] RESERVED + - moodle <unfixed> CVE-2016-2150 RESERVED CVE-2016-2149 _______________________________________________ Secure-testing-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
