Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1227c77 by security tracker role at 2018-02-06T21:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,213 @@
-CVE-2018-6758 [stack-based buffer overflow within uwsgi_expand_path]
+CVE-2018-6759 (The bfd_get_debug_link_info_1 function in opncls.c in the 
Binary File ...)
+       TODO: check
+CVE-2018-6757
+       RESERVED
+CVE-2018-6756
+       RESERVED
+CVE-2018-6755
+       RESERVED
+CVE-2018-6754
+       RESERVED
+CVE-2018-6753
+       RESERVED
+CVE-2018-6752
+       RESERVED
+CVE-2018-6751
+       RESERVED
+CVE-2018-6750
+       RESERVED
+CVE-2018-6749
+       RESERVED
+CVE-2018-6748
+       RESERVED
+CVE-2018-6747
+       RESERVED
+CVE-2018-6746
+       RESERVED
+CVE-2018-6745
+       RESERVED
+CVE-2018-6744
+       RESERVED
+CVE-2018-6743
+       RESERVED
+CVE-2018-6742
+       RESERVED
+CVE-2018-6741
+       RESERVED
+CVE-2018-6740
+       RESERVED
+CVE-2018-6739
+       RESERVED
+CVE-2018-6738
+       RESERVED
+CVE-2018-6737
+       RESERVED
+CVE-2018-6736
+       RESERVED
+CVE-2018-6735
+       RESERVED
+CVE-2018-6734
+       RESERVED
+CVE-2018-6733
+       RESERVED
+CVE-2018-6732
+       RESERVED
+CVE-2018-6731
+       RESERVED
+CVE-2018-6730
+       RESERVED
+CVE-2018-6729
+       RESERVED
+CVE-2018-6728
+       RESERVED
+CVE-2018-6727
+       RESERVED
+CVE-2018-6726
+       RESERVED
+CVE-2018-6725
+       RESERVED
+CVE-2018-6724
+       RESERVED
+CVE-2018-6723
+       RESERVED
+CVE-2018-6722
+       RESERVED
+CVE-2018-6721
+       RESERVED
+CVE-2018-6720
+       RESERVED
+CVE-2018-6719
+       RESERVED
+CVE-2018-6718
+       RESERVED
+CVE-2018-6717
+       RESERVED
+CVE-2018-6716
+       RESERVED
+CVE-2018-6715
+       RESERVED
+CVE-2018-6714
+       RESERVED
+CVE-2018-6713
+       RESERVED
+CVE-2018-6712
+       RESERVED
+CVE-2018-6711
+       RESERVED
+CVE-2018-6710
+       RESERVED
+CVE-2018-6709
+       RESERVED
+CVE-2018-6708
+       RESERVED
+CVE-2018-6707
+       RESERVED
+CVE-2018-6706
+       RESERVED
+CVE-2018-6705
+       RESERVED
+CVE-2018-6704
+       RESERVED
+CVE-2018-6703
+       RESERVED
+CVE-2018-6702
+       RESERVED
+CVE-2018-6701
+       RESERVED
+CVE-2018-6700
+       RESERVED
+CVE-2018-6699
+       RESERVED
+CVE-2018-6698
+       RESERVED
+CVE-2018-6697
+       RESERVED
+CVE-2018-6696
+       RESERVED
+CVE-2018-6695
+       RESERVED
+CVE-2018-6694
+       RESERVED
+CVE-2018-6693
+       RESERVED
+CVE-2018-6692
+       RESERVED
+CVE-2018-6691
+       RESERVED
+CVE-2018-6690
+       RESERVED
+CVE-2018-6689
+       RESERVED
+CVE-2018-6688
+       RESERVED
+CVE-2018-6687
+       RESERVED
+CVE-2018-6686
+       RESERVED
+CVE-2018-6685
+       RESERVED
+CVE-2018-6684
+       RESERVED
+CVE-2018-6683
+       RESERVED
+CVE-2018-6682
+       RESERVED
+CVE-2018-6681
+       RESERVED
+CVE-2018-6680
+       RESERVED
+CVE-2018-6679
+       RESERVED
+CVE-2018-6678
+       RESERVED
+CVE-2018-6677
+       RESERVED
+CVE-2018-6676
+       RESERVED
+CVE-2018-6675
+       RESERVED
+CVE-2018-6674
+       RESERVED
+CVE-2018-6673
+       RESERVED
+CVE-2018-6672
+       RESERVED
+CVE-2018-6671
+       RESERVED
+CVE-2018-6670
+       RESERVED
+CVE-2018-6669
+       RESERVED
+CVE-2018-6668
+       RESERVED
+CVE-2018-6667
+       RESERVED
+CVE-2018-6666
+       RESERVED
+CVE-2018-6665
+       RESERVED
+CVE-2018-6664
+       RESERVED
+CVE-2018-6663
+       RESERVED
+CVE-2018-6662
+       RESERVED
+CVE-2018-6661
+       RESERVED
+CVE-2018-6660
+       RESERVED
+CVE-2018-6659
+       RESERVED
+CVE-2018-6658
+       RESERVED
+CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI 
through ...)
        - uwsgi <unfixed> (bug #889753)
        NOTE: http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
        NOTE: 
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
 CVE-2018-6657
        RESERVED
-CVE-2018-6656
-       RESERVED
+CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via 
zb_users/plugin/AppCentre/app_del.php, as ...)
+       TODO: check
 CVE-2018-6655
        RESERVED
 CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows 
remote ...)
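Review bot: CVE-2018-6759 at the top of this hunk is left at `TODO: check`, but its description names bfd_get_debug_link_info_1 in opncls.c, which is BFD code shipped in the binutils source package, so it needs a `- binutils` status line once the affected versions are confirmed rather than staying in the TODO queue. CVE-2018-6656 (Z-BlogPHP 1.5.1) further down is also added as `TODO: check` and still needs a triage decision.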
@@ -351,7 +553,7 @@ CVE-2018-6571
        RESERVED
 CVE-2018-6570
        RESERVED
-CVE-2018-6569 (West Wind Web Server 6.x does not require autheentication for 
...)
+CVE-2018-6569 (West Wind Web Server 6.x does not require authentication for 
...)
        NOT-FOR-US: West Wind Web Server
 CVE-2018-6568
        RESERVED
@@ -703,14 +905,14 @@ CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 
6.0.1254, the driver file 
        NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each 
...)
        NOT-FOR-US: Nibbleblog on macOS
-CVE-2018-6469
-       RESERVED
-CVE-2018-6468
-       RESERVED
-CVE-2018-6467
-       RESERVED
-CVE-2018-6466
-       RESERVED
+CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in 
the ...)
+       TODO: check
+CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in 
the ...)
+       TODO: check
+CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via ...)
+       TODO: check
+CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in 
the ...)
+       TODO: check
 CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via 
the ...)
        NOT-FOR-US: PropertyHive plugin for WordPress
 CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert 
in a ...)
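Review bot: the four flickrRSS entries (CVE-2018-6466 through CVE-2018-6469) are added as `TODO: check`, while the neighbouring WordPress plugin entry CVE-2018-6465 is already marked `NOT-FOR-US: PropertyHive plugin for WordPress`. CVE-2018-6467 names "The flickrRSS plugin 5.3.1 for WordPress", so if that plugin is not packaged, mark all four the same way, e.g. `NOT-FOR-US: flickrRSS plugin for WordPress`.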
@@ -864,7 +1066,7 @@ CVE-2018-6395 (SQL Injection exists in the Visual Calendar 
3.1.3 component for J
        NOT-FOR-US: Visual Calendar component for Joomla!
 CVE-2018-6394
        RESERVED
-CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection 
via the ...)
+CVE-2018-6393 (FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) 
allow ...)
        NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
        - ffmpeg <unfixed>
@@ -875,8 +1077,8 @@ CVE-2018-6391 (A cross-site request forgery web 
vulnerability has been discovere
        NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 
10.1.0.7106 ...)
        NOT-FOR-US: Kingsoft WPS Office
-CVE-2018-6389
-       RESERVED
+CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause 
a ...)
+       TODO: check
 CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow 
remote ...)
        NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
 CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a 
hardcoded ...)
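Review bot: CVE-2018-6389 is the one entry in this hunk that names WordPress itself ("In WordPress through 4.9.2, unauthenticated attackers can cause a ..."), and wordpress is a Debian source package, so the `TODO: check` should be resolved to a `- wordpress` status line and not to a NOT-FOR-US marking like the surrounding Netis, Kingsoft and iBall entries.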
@@ -1185,14 +1387,14 @@ CVE-2018-6293
        RESERVED
 CVE-2018-6292
        RESERVED
-CVE-2018-6291
-       RESERVED
-CVE-2018-6290
-       RESERVED
-CVE-2018-6289
-       RESERVED
-CVE-2018-6288
-       RESERVED
+CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail 
Gateway ...)
+       TODO: check
+CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway 
version ...)
+       TODO: check
+CVE-2018-6289 (Configuration file injection leading to Code Execution as Root 
in ...)
+       TODO: check
+CVE-2018-6288 (Cross-site Request Forgery leading to Administrative account 
takeover ...)
+       TODO: check
 CVE-2018-6287
        RESERVED
 CVE-2018-6286
@@ -3284,8 +3486,8 @@ CVE-2018-5459
        RESERVED
 CVE-2018-5458
        RESERVED
-CVE-2018-5457
-       RESERVED
+CVE-2018-5457 (A uncontrolled search path element issue was discovered in 
Vyaire ...)
+       TODO: check
 CVE-2018-5456
        RESERVED
 CVE-2018-5455
@@ -4776,11 +4978,10 @@ CVE-2018-4880
        RESERVED
 CVE-2018-4879
        RESERVED
-CVE-2018-4878
-       RESERVED
+CVE-2018-4878 (A use-after-free vulnerability was discovered in Adobe Flash 
Player ...)
        NOT-FOR-US: Adobe Flash Player
-CVE-2018-4877
-       RESERVED
+CVE-2018-4877 (A use-after-free vulnerability was discovered in Adobe Flash 
Player ...)
+       TODO: check
 CVE-2018-4876
        RESERVED
 CVE-2018-4875
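Review bot: CVE-2018-4877 gets `TODO: check` although its visible description is the same as that of CVE-2018-4878 directly above it, which keeps `NOT-FOR-US: Adobe Flash Player`. Give CVE-2018-4877 the same `NOT-FOR-US: Adobe Flash Player` marking so the pair is tracked consistently.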
@@ -7210,8 +7411,8 @@ CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC 
dissector misuses a NULL 
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299
        NOTE: https://code.wireshark.org/review/#/c/25063/
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50
-CVE-2017-17996
-       RESERVED
+CVE-2017-17996 (A buffer overflow vulnerability in &quot;Add command&quot; 
functionality exists ...)
+       TODO: check
 CVE-2017-17995 (Biometric Shift Employee Management System has XSS via the 
Last_Name ...)
        NOT-FOR-US: Biometric Shift Employee Management System
 CVE-2017-17994 (Biometric Shift Employee Management System has XSS via the 
criteria ...)
@@ -13266,8 +13467,8 @@ CVE-2017-17664 (A Remote Crash issue was discovered in 
Asterisk Open Source 13.x
        NOTE: http://downloads.digium.com/pub/security/AST-2017-012.html
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27382
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27429
-CVE-2017-17663
-       RESERVED
+CVE-2017-17663 (The htpasswd implementation of mini_httpd before v1.28 and of 
thttpd ...)
+       TODO: check
 CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 
0.6.0 ...)
        NOT-FOR-US: Yawcam
 CVE-2017-17661
@@ -13957,8 +14158,7 @@ CVE-2018-1301
        RESERVED
 CVE-2018-1300
        RESERVED
-CVE-2018-1299
-       RESERVED
+CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may 
retrieve ...)
        NOT-FOR-US: Apache Allura
 CVE-2018-1298
        RESERVED
@@ -23519,8 +23719,7 @@ CVE-2017-15096 (A flaw was found in GlusterFS in 
versions prior to 3.10. A null 
        NOTE: https://review.gluster.org/18539 (release-3.10)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
        NOTE: Fixed by: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
-CVE-2017-15095 [Incomplete fixes for CVE-2017-7525]
-       RESERVED
+CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind 
in ...)
        {DSA-4037-1}
        - jackson-databind 2.9.1-1
        NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie 
(2.4.2-2+deb8u1)
@@ -46583,8 +46782,7 @@ CVE-2017-7526 [Use of left-to-right sliding window 
method allows full RSA key re
        NOTE: For GnuPG: 
https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058598.html
        NOTE: GnuPG: 
https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
        NOTE: GnuPG1: https://dev.gnupg.org/D438
-CVE-2017-7525 [Deserialization vulnerability via readValue method of 
ObjectMapper]
-       RESERVED
+CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, 
...)
        {DSA-4004-1}
        - jackson-databind 2.9.1-1 (bug #870848)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
@@ -50717,8 +50915,8 @@ CVE-2017-6281
        RESERVED
 CVE-2017-6280
        RESERVED
-CVE-2017-6279
-       RESERVED
+CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege 
...)
+       TODO: check
 CVE-2017-6278
        RESERVED
 CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
@@ -50794,8 +50992,8 @@ CVE-2017-6259 (NVIDIA GPU Display Driver contains a 
vulnerability in the kernel 
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 
and E375)
        - nvidia-graphics-drivers-legacy-304xx <not-affected> (Limited to E384 
and E375)
-CVE-2017-6258
-       RESERVED
+CVE-2017-6258 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege 
...)
+       TODO: check
 CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the 
kernel mode ...)
        - nvidia-graphics-drivers 375.82-1 (bug #869783)
        [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
@@ -50917,14 +51115,14 @@ CVE-2017-6203
        RESERVED
 CVE-2017-6202
        RESERVED
-CVE-2017-6201
-       RESERVED
-CVE-2017-6200
-       RESERVED
-CVE-2017-6199
-       RESERVED
-CVE-2017-6198
-       RESERVED
+CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the 
install app ...)
+       TODO: check
+CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read 
any ...)
+       TODO: check
+CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization 
restriction ...)
+       TODO: check
+CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the 
resource ...)
+       TODO: check
 CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 
1.2.1 ...)
        {DLA-837-1}
        - radare2 1.1.0+dfsg-2 (bug #856063)
@@ -50999,8 +51197,8 @@ CVE-2017-6171
        RESERVED
 CVE-2017-6170
        RESERVED
-CVE-2017-6169
-       RESERVED
+CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 
BIG-IP ...)
+       TODO: check
 CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 
12.0.0-12.1.2 ...)
        NOT-FOR-US: F5 BIG-IP
        NOTE: https://support.f5.com/csp/article/K21905460
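Review bot: CVE-2017-6169 is added as `TODO: check` even though its description names an F5 BIG-IP and the next entry, CVE-2017-6168, is already marked `NOT-FOR-US: F5 BIG-IP`. Reuse that marking here instead of leaving the entry in the TODO queue.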
@@ -61981,7 +62179,7 @@ CVE-2017-2621 [/var/log/heat/ is world readable]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
 CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in 
cirrus_bitblt_cputovideo]
        RESERVED
-       {DLA-845-1 DLA-842-1}
+       {DLA-1270-1 DLA-845-1 DLA-842-1}
        - qemu 1:2.8+dfsg-3 (bug #855791)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -67429,6 +67627,7 @@ CVE-2017-0306 (An elevation of privilege vulnerability 
in the NVIDIA GPU driver 
 CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary 
&quot;listguests64&quot; is ...)
        NOT-FOR-US: BMC Patrol
 CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when 
qemu ...)
+       {DLA-1270-1}
        - qemu <not-affected> (Vulnerability specific to Xen)
        - qemu-kvm <not-affected> (Vulnerability specific to Xen)
        - xen 4.4.0-1
@@ -67480,7 +67679,7 @@ CVE-2016-9604
        NOTE: Fixed by: 
https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
 CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
        RESERVED
-       {DLA-1035-1 DLA-939-1}
+       {DLA-1270-1 DLA-1035-1 DLA-939-1}
        - qemu 1:2.8+dfsg-4 (bug #857744)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -74941,8 +75140,8 @@ CVE-2016-7395 (SkPath.cpp in Skia, as used in Google 
Chrome before 53.0.2785.89 
        {DSA-3667-1}
        - chromium-browser 53.0.2785.92-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-7394
-       RESERVED
+CVE-2016-7394 (tiki wiki cms groupware &lt;=15.2 has a xss vulnerability, 
allow ...)
+       TODO: check
 CVE-2016-7391 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
        NOT-FOR-US: Nvidia Windows driver
 CVE-2016-7390 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
@@ -76648,8 +76847,8 @@ CVE-2016-6814 (When an application with unsupported 
Codehaus versions of Groovy 
        [jessie] - groovy 1.8.6-4+deb8u2
        - groovy2 <removed>
        [jessie] - groovy2 2.2.2+dfsg-3+deb8u2
-CVE-2016-6813
-       RESERVED
+CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API 
call ...)
+       TODO: check
 CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 
3.1.x ...)
        NOT-FOR-US: Apache CXF
 CVE-2016-6811
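Review bot: CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0) is added as `TODO: check`, while the last hunk of this same commit leaves CVE-2013-4317, also Apache CloudStack, marked `NOT-FOR-US: CloudStack`. Apply the same `NOT-FOR-US: CloudStack` line here so both CloudStack entries agree.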
@@ -86661,20 +86860,20 @@ CVE-2016-3960 (Integer overflow in the x86 shadow 
pagetable code in Xen allows l
        {DSA-3554-1 DLA-571-1}
        - xen 4.8.0~rc3-1 (bug #823620)
        NOTE: http://xenbits.xen.org/xsa/advisory-173.html
-CVE-2016-3957
-       RESERVED
+CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 
2.14.2 ...)
+       TODO: check
 CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in 
Node.js ...)
        - npm <unfixed> (bug #850322)
        [jessie] - npm <no-dsa> (Minor issue)
        NOTE: https://github.com/npm/npm/issues/8380
        NOTE: 
https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 
(2.15.1)
        NOTE: 
https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 
(3.8.3)
-CVE-2016-3954
-       RESERVED
-CVE-2016-3953
-       RESERVED
-CVE-2016-3952
-       RESERVED
+CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the ...)
+       TODO: check
+CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow 
remote ...)
+       TODO: check
+CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows 
remote ...)
+       TODO: check
 CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the 
Linux ...)
        {DSA-3607-1 DLA-516-1}
        - linux 4.5.1-1
@@ -111104,8 +111303,8 @@ CVE-2015-4402
        RESERVED
 CVE-2015-4401
        RESERVED
-CVE-2015-4400
-       RESERVED
+CVE-2015-4400 (Ring (formerly DoorBot) video doorbells allow remote attackers 
to ...)
+       TODO: check
 CVE-2015-4399
        RESERVED
 CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) 
module ...)
@@ -113277,10 +113476,10 @@ CVE-2015-3621 (Untrusted search path vulnerability 
in SAP Enterprise Central ...
        NOT-FOR-US: SAP ECC
 CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced 
dataset ...)
        NOT-FOR-US: Fortinet FortiAnalyzer
-CVE-2015-3619
-       RESERVED
-CVE-2015-3618
-       RESERVED
+CVE-2015-3619 (Cross-site scripting (XSS) vulnerability in 
assets/js/vm2admin.js in ...)
+       TODO: check
+CVE-2015-3618 (Cross-site scripting (XSS) vulnerability in Nagios Business 
Process ...)
+       TODO: check
 CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 
allow ...)
        NOT-FOR-US: Fortinet
 CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x 
before ...)
@@ -135546,16 +135745,13 @@ CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 
writes to temporary files with
        - ossec-hids <itp> (bug #361954)
 CVE-2014-5283
        RESERVED
-CVE-2014-5282 [Tagging image to ID can redirect images on subsequent pulls]
-       RESERVED
+CVE-2014-5282 (Docker before 1.3 does not properly validate image IDs, which 
allows ...)
        - docker.io 1.3.0~dfsg1-1
 CVE-2014-5281
        RESERVED
-CVE-2014-5280 [Cross-site request forgery attack possible against Docker 
daemon]
-       RESERVED
+CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct 
cross-site ...)
        NOT-FOR-US: boot2docker
-CVE-2014-5279 [boot2docker allows privilege escalation from children 
containers]
-       RESERVED
+CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier 
improperly ...)
        NOT-FOR-US: boot2docker
 CVE-2014-5278
        RESERVED
@@ -157616,8 +157812,7 @@ CVE-2013-4318
        RESERVED
        NOT-FOR-US: Ruby gem Features
        NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
-CVE-2013-4317
-       RESERVED
+CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the 
CloudStack API ...)
        NOT-FOR-US: CloudStack
 CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method 
Invocation ...)
        - libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 
2.3.15.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1227c77ae695d21493e4b64f30f2fd163e49ba8
