diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-04 17:39:14 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-04 17:39:14 +0100 |
commit | 0b5b5344e1e9c2b15e8e9a69de09891ad6b73e8a (patch) | |
tree | 330313f9e17e95531c13bc1bf86b487301a4fdf3 /data | |
parent | c7a60f12c5f51807bda89df6ebfc77a590612746 (diff) |
Update status for CVE-2016-6345
Note for reviewer: this is actually not so clear, the Red Hat bugreport
does not provide other references, but indicates that it is fixed in
3.1.0.RC1 and 3.0.20.Final. mark it for now as such as an exception :-/
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2016.list | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 77850d8b85..3d64cf9289 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -14018,9 +14018,10 @@ CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers t NOTE: https://issues.jboss.org/browse/RESTEASY-1484 (not public) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372120 CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...) - - resteasy <unfixed> (low; bug #837170) + - resteasy 3.1.0-1 (low; bug #837170) [jessie] - resteasy <no-dsa> (Minor issue) - - resteasy3.0 <undetermined> + - resteasy3.0 3.0.26-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372117 CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a ...) NOT-FOR-US: Red Hat JBoss bpm Suite CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...) |