Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 

4fd90ca7 by Salvatore Bonaccorso at 2018-02-19T20:40:43+01:00
Adjust status for CVE-2013-7383 for x2goserver

The issue was fixed upstream before, and in Debian with the initial
commit, thus mark it as not-affected with a note that it was fixed with
the first upload to Debian. Thus affected code was never in Debian.

Reference the fixing commits as per

- - - - -
80bb4608 by Salvatore Bonaccorso at 2018-02-19T20:44:01+01:00
Update status for CVE-2013-4376

Mark this one as well as not-affected since fixed in Debian included
with the initial upload (to unstable) and fixed upstream before.

- - - - -

1 changed file:

- data/CVE/list


--- a/data/CVE/list
+++ b/data/CVE/list
@@ -142595,9 +142595,11 @@ CVE-2014-3221 (Huawei Eudemon8000E firewall with 
software V200R001C01SPC800 and 
 CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote 
        NOT-FOR-US: F5 BIG-IQ
 CVE-2013-7383 (x2gocleansessions in X2Go Server before and 4.0.1.x 
before ...)
-       - x2goserver
-       NOTE: Fixed by:;a=commitdiff;h=80ff6997550749a64dd5db5684acbd47a4127ab3
-       NOTE: Fixed by:;a=commitdiff;h=c2036a1152a7e57286ffeb8e8859177f8de64a33
+       - x2goserver <not-affected> (Fixed with first upload to Debian)
+       NOTE: Fixed by:;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7
+       NOTE: Fixed by:;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256
+       NOTE: Fixed by:;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8
+       NOTE: Fixed by:;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104
 CVE-2013-7375 (SQL injection vulnerability in 
includes/classes/Authenticate.class.php ...)
        NOT-FOR-US: PHP-Fusion
 CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
@@ -158911,7 +158913,7 @@ CVE-2013-4377 (Use-after-free vulnerability in the 
virtio-pci implementation in 
        - qemu-kvm <not-affected> (Introduced in 1.4)
        NOTE: patches:
 CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go 
Server ...)
-       - x2goserver
+       - x2goserver <not-affected> (Fixed with first upload to Debian)
        NOTE: Fixed by:;a=commitdiff;h=42264c88d7885474ebe3763b2991681ddfcfa69a
 CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x 
before ...)
        - xen 4.2

View it on GitLab:

View it on GitLab:
You're receiving this email because of your account on
Secure-testing-commits mailing list

Reply via email to