Author: bam Date: 2017-03-06 06:56:51 +0000 (Mon, 06 Mar 2017) New Revision: 49428
Modified: data/CVE/list Log: Add link to upstream BTS for web2py issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-06 05:52:47 UTC (rev 49427) +++ data/CVE/list 2017-03-06 06:56:51 UTC (rev 49428) @@ -32560,10 +32560,13 @@ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1) CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...) - web2py <unfixed> (bug #856127) + NOTE: https://github.com/web2py/web2py/issues/1585 CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...) - web2py <unfixed> (bug #856127) + NOTE: https://github.com/web2py/web2py/issues/1585 CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...) - web2py <unfixed> (bug #856127) + NOTE: https://github.com/web2py/web2py/issues/1585 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...) NOT-FOR-US: dotCMS CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits