Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
518d9e80 by Moritz Muehlenhoff at 2018-02-14T22:57:49+01:00
remove TOOD for thrift copy in HHVM, not relevant here

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -82661,12 +82661,10 @@ CVE-2016-5398 (Cross-site scripting (XSS) 
vulnerability in Business Process Edit
        NOT-FOR-US: JBoss BPMS
 CVE-2016-5397 (The Apache Thrift Go client library exposed the potential 
during code ...)
        - thrift-compiler <unfixed>
-       - hhvm <unfixed>
        NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
        NOTE: 
https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
        NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 
is present
        NOTE: src:thrift only present in experimental
-       TODO: check (hhvm embedds it, used?)
 CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK 
Bomb ...)
        - trafficserver 7.0.0-1
        [wheezy] - trafficserver <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/518d9e80209f0a93efe466835ae7f9a401a7fda8

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/518d9e80209f0a93efe466835ae7f9a401a7fda8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to