Author: carnil
Date: 2016-04-24 05:05:56 +0000 (Sun, 24 Apr 2016)
New Revision: 41096

Modified:
   data/CVE/list
Log:
Two CVEs for roundcube assigned for XSS issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-04-23 22:13:46 UTC (rev 41095)
+++ data/CVE/list       2016-04-24 05:05:56 UTC (rev 41096)
@@ -5,13 +5,17 @@
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53
 (release-1.1)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/04/23/3
-CVE-2016-XXXX [XSS issue in SVG images handling]
+CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"]
+       - roundcube <unfixed>
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218
+       NOTE: These remain unfixed in versions 1.0.9, 1.1.5 and 1.2-rc
+CVE-2015-8864 [XSS issue in SVG images handling]
        - roundcube <unfixed> (bug #822333)
        NOTE: https://github.com/roundcube/roundcubemail/issues/4949
        NOTE: 
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0
 (release-1.1)
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/04/23/3
+       NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
 CVE-2016-XXXX [MS-WSP dissector crash]
        - wireshark 2.0.3+geed34f0-1 (low)
        [jessie] - wireshark <not-affected> (Only affects 2.x)
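Review bot: The bracketed description on the added CVE-2016-4068 line is a quoted sentence fragment ("for the remaining SVG XSS issues additional to CVE-2015-8864") rather than a title that stands on its own. Something like [Remaining SVG XSS issues not covered by CVE-2015-8864] would match the style of the CVE-2015-8864 line right below it. The new entry also has no NOTE pointing at the oss-security thread (http://www.openwall.com/lists/oss-security/2016/04/23/3) that the CVE-2015-8864 entry keeps, and its "- roundcube <unfixed>" line carries no bug number while the CVE-2015-8864 one has (bug #822333). If the same thread and bug cover both ids, add them to the CVE-2016-4068 entry so it can be tracked independently.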


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
