Commit 4b5a6165 authored by Salvatore Bonaccorso

Three curl CVEs were addressed in recent DLA

parent 98da9693
......@@ -102212,7 +102212,6 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper
CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...)
{DLA-767-1}
- curl 7.52.1-1 (bug #848958)
[jessie] - curl <no-dsa> (Minor issue)
NOTE: https://curl.haxx.se/docs/adv_20161221A.html
NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
NOTE: There are no known vulnerable applications but as this is a
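Review bot: the commit message says these CVEs were addressed in a recent DLA but does not name it, and this hunk does not record it either. The header counts (7 lines before, 6 after) mean one of the seven lines shown for CVE-2016-9586 is deleted and nothing is added, and the only advisory id visible is {DLA-767-1}. Please put the advisory id in the commit message so the removal can be checked against it.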
......@@ -110061,7 +110060,6 @@ CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_uplo
CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
{DLA-625-1}
- curl 7.51.0-1 (bug #837945)
[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA)
NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
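Review bot: missing check on the CVE-2016-7167 entry. The counts (7 to 6) show a pure deletion, and the rendering has lost the -/+ markers; if the deleted line is "[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA)", the entry keeps no jessie-specific status and only "- curl 7.51.0-1" remains. Before merging, confirm that the advisory's own list entry carries the jessie fixed version, otherwise jessie will be judged against 7.51.0-1.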
......@@ -110198,7 +110196,6 @@ CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6
CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
{DLA-616-1}
- curl 7.51.0-1 (bug #836918)
[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA; affects only NSS backend)
NOTE: Only affects libcurl3-nss
NOTE: http://seclists.org/oss-sec/2016/q3/419
NOTE: https://curl.haxx.se/docs/adv_20160907.html