diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2018-12-15 08:43:44 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-12-15 08:43:44 +0100 |
commit | 12fe2b5574bd15bd741ddfc14cd34c642eca19aa (patch) | |
tree | a23104378aeb7c9a41108f56400137cad38b3ce6 /data/CVE/2004.list | |
parent | c5fe35d466ae2efb98ecfd7fb1f1eb163bb0550a (diff) |
Add further notes on CVE-2004-2687/distcc
The 2.18.1-1 upload already made the --allow option mandatory for daemon
mode, thus distccd would refuse to run without an IP access control
list.
Upstream bug https://github.com/distcc/distcc/issues/155
Diffstat (limited to 'data/CVE/2004.list')
-rw-r--r-- | data/CVE/2004.list | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index f1acfcb5e1..5a5ef9521c 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -197,6 +197,9 @@ CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...) - distcc 2.18.1-1 (low) NOTE: since 2.18.1-1 there is the --allow switch to control network access + NOTE: https://github.com/distcc/distcc/issues/155 + NOTE: Fix in depth is only in later version 3.3, cf. + NOTE: https://bugs.debian.org/892973 CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...) NOT-FOR-US: Solaris CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...) |