Author: carnil
Date: 2016-01-17 13:48:57 +0000 (Sun, 17 Jan 2016)
New Revision: 38982

Modified:
   data/CVE/list
Log:
Update information for gosa issues according to maintainer info

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-01-17 13:39:32 UTC (rev 38981)
+++ data/CVE/list       2016-01-17 13:48:57 UTC (rev 38982)
@@ -441,9 +441,8 @@
 CVE-2016-1712
        RESERVED
 CVE-2015-8771 [Possibility of code injection when setting passwords for Samba]
-       - gosa <unfixed>
+       - gosa 2.7.4+reloaded2-6
        NOTE: 
https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
-       TODO: check
 CVE-2015-8770 [remote code execution / path traversal]
        RESERVED
        - roundcube 1.1.4+dfsg.1-1
@@ -1734,9 +1733,9 @@
        NOTE: https://github.com/htacg/tidy-html5/issues/341
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/01/03/4
 CVE-2014-9760 [XSS vulnerability during session log on]
-       - gosa <unfixed>
+       - gosa 2.7.4+reloaded1-5
+       NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5
        NOTE: 
https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
-       TODO: check
 CVE-2014-9759 [MantisBT SOAP API can be used to disclose confidential settings]
        RESERVED
        - mantis <not-affected> (Affects >= 1.3.0-beta.1)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to