Author: lamby Date: 2016-07-04 12:25:31 +0000 (Mon, 04 Jul 2016) New Revision: 42997
Modified: data/CVE/list Log: comment that CVE-2016-4068 in roundcube's patch is incomplete Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-07-04 11:28:36 UTC (rev 42996) +++ data/CVE/list 2016-07-04 12:25:31 UTC (rev 42997) @@ -5997,7 +5997,7 @@ CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"] RESERVED - roundcube <unfixed> - NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218 + NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218 (incomplete fix) NOTE: These remain unfixed in versions 1.0.9, 1.1.5 and 1.2-rc CVE-2015-8864 [XSS issue in SVG images handling] RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits