[Secure-testing-commits] r46179 - data/CVE

Salvatore Bonaccorso Mon, 14 Nov 2016 05:22:34 -0800

Author: carnil
Date: 2016-11-14 13:21:51 +0000 (Mon, 14 Nov 2016)
New Revision: 46179


Modified:
   data/CVE/list
Log:
Update status for CVE-2015-5189/pcs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-14 13:17:13 UTC (rev 46178)
+++ data/CVE/list       2016-11-14 13:21:51 UTC (rev 46179)
@@ -39876,10 +39876,9 @@
        - pcs <not-affected> (Fixed before initial release to Debian)
        NOTE: 
https://github.com/feist/pcs/commit/634f6d93e4091946441f366e29859ed64a2c977a 
(0.9.144)
 CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global 
...)
-       - pcs <unfixed>
+       - pcs <not-affected> (Fixed before the initial release in Debian)
        NOTE: Patch in Fedora: 
http://pkgs.fedoraproject.org/cgit/rpms/pcs.git/plain/fixed-session-and-cookies-processing.patch?h=f22&id=c4b5ad398cb011cdf31374d37943b6593411ae65
        NOTE: Patch in CentOS 7 corresponding to RHSA-2015:1700: 
https://git.centos.org/blob/rpms!pcs/bafb6400d552c4d9e9cb46ddbe523e8f47e0de63/SOURCES!bz1253289-fixed-session-and-cookies-processing.patch
-       TODO: check, doesn't seem "apply" in most recent pcs (0.9.148-1.1), 
double check
 CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web 
Console ...)
        NOT-FOR-US: JBoss EAP
 CVE-2015-5187


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r46179 - data/CVE

Reply via email to