Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cve updates for 2016 2017 #74

Merged
merged 4 commits into from
Mar 14, 2017
Merged

Cve updates for 2016 2017 #74

merged 4 commits into from
Mar 14, 2017

Conversation

cplvic
Copy link
Contributor

@cplvic cplvic commented Mar 13, 2017
edited
Loading

Modified 2016-4970 - Per @jasinner , added series information. the unaffected section is there to capture version 3.x is not affected. However it is in a different project path so not sure what to do.
Modified 2016-9878, 2016-9879 - Per @jasinner added series information
Added 2016-5007 - Spring Security + Framework for issue #49
Added 2017 folder
Added 2017-5638 for Apache Stuts2 0-Day

@cplvic
Modified 2016-4970. - Unaffected version for netty uses different pom.
8f229ff 
Modified 2016-9878, 2016-9879 - Per Jassiner, added series information
Added 2016-5007 - Spring Security + Framework for issue victims#49
Added 2017 folder
Added 2017-5638 for Apache Stuts2 0-Day
@cplvic
Modified 2016-4970. - Unaffected version for netty uses different pom.
1f8fa95 
Modified 2016-9878, 2016-9879 - Per Jassiner, added series information
Added 2016-5007 - Spring Security + Framework for issue victims#49
Added 2017 folder
Added 2017-5638 for Apache Stuts2 0-Day
@cplvic
Modified 2016-4970 - Unaffected version for netty uses different pom.
14405b2 
Modified 2016-9878, 2016-9879 - Per Jassiner, added series information
Added 2016-5007 - Spring Security + Framework for issue victims#49
Added 2017 folder
Added 2017-5638 for Apache Stuts2 0-Day
@cplvic
Copy link
Contributor Author

cplvic commented Mar 13, 2017

@jasinner - Can you have someone review and reject or commit.
I added a few things I think are valuable to the "cause" to keep victims db updated
Thanks

@ashcrow ashcrow requested a review from jasinner March 13, 2017 21:32
@cplvic
Copy link
Contributor Author

cplvic commented Mar 13, 2017

fyi _ i directly edited 5638 to

  1. fix project name struts -> struts2
  2. Remove RELEASE from the versions.

@jasinner
Copy link
Member

Thanks for the PR. I think adding 3.x to unaffected versions for CVE-2016-4970 makes sense, even though it uses the maven artifact name 'netty', not 'netty-all'.
Thanks for fixing up the ranges on the previous commits, and for the new reports.

@jasinner jasinner merged commit e7c8ac0 into victims:master Mar 14, 2017
@cplvic cplvic deleted the CVE_Updates_for_2016_2017 branch March 14, 2017 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasinner jasinner Awaiting requested review from jasinner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cplvic @jasinner