[Secure-testing-commits] r47140 - data/CVE

Salvatore Bonaccorso Fri, 16 Dec 2016 11:34:16 -0800

Author: carnil
Date: 2016-12-16 19:33:34 +0000 (Fri, 16 Dec 2016)
New Revision: 47140


Modified:
   data/CVE/list
Log:
Update CVE-2016-9565, remove other source packages

The CVE is specific for the nagios3 issue. The libphp-snoopy issue is
handled via the original CVE-2008-4796 and with CVE-2014-5009 for the
incomplete fix back then.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-16 18:46:15 UTC (rev 47139)
+++ data/CVE/list       2016-12-16 19:33:34 UTC (rev 47140)
@@ -8034,11 +8034,7 @@
        NOTE: 
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
 CVE-2016-9565 [Curl Command Injection]
        RESERVED
-       - moodle <unfixed>
-       - libphp-snoopy <unfixed>
        - nagios3 3.5.1-1
-       TODO: investigate if moodle and libphp-snoopy are vulnerable
-       TODO: look for more embeded copies of MagpieRSS
        NOTE: 
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
        NOTE: The RSS feed and call-home was removed in Nagios 3.5.1-1 where 
the affected function was removed
 CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r 
allows ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r47140 - data/CVE

Reply via email to