Update status for CVE-2016-6345

Note for reviewer: this is actually not so clear, the Red Hat bugreport does not provide other references, but indicates that it is fixed in 3.1.0.RC1 and 3.0.20.Final. mark it for now as such as an exception :-/
author: Salvatore Bonaccorso <carnil@debian.org> 2021-12-04 17:39:14 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-12-04 17:39:14 +0100
commit: 0b5b5344e1e9c2b15e8e9a69de09891ad6b73e8a (patch)
tree: 330313f9e17e95531c13bc1bf86b487301a4fdf3 /data
parent: c7a60f12c5f51807bda89df6ebfc77a590612746 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 77850d8b85..3d64cf9289 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -14018,9 +14018,10 @@ CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers t
 	NOTE: https://issues.jboss.org/browse/RESTEASY-1484 (not public)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372120
 CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...)
-	- resteasy <unfixed> (low; bug #837170)
+	- resteasy 3.1.0-1 (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
-	- resteasy3.0 <undetermined>
+	- resteasy3.0 3.0.26-1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372117
 CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a  ...)
 	NOT-FOR-US: Red Hat JBoss bpm Suite
 CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-12-04 17:39:14 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-12-04 17:39:14 +0100
commit	0b5b5344e1e9c2b15e8e9a69de09891ad6b73e8a (patch)
tree	330313f9e17e95531c13bc1bf86b487301a4fdf3 /data
parent	c7a60f12c5f51807bda89df6ebfc77a590612746 (diff)