diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2018-12-15 08:43:44 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-12-15 08:43:44 +0100 |
commit | 28d319053e60d29d7e4ec0eb00ed3f8413ccada6 (patch) | |
tree | fde952b75012e2b5fe7c0abb3ae869dab946229e /data/CVE/list.2004 | |
parent | fe583a321e088e7cfa58946be32b62ae0076ccfd (diff) |
Add further notes on CVE-2004-2687/distcc
The 2.18.1-1 upload already made the --allow option mandatory for daemon
mode, thus distccd would refuse to run without an IP access control
list.
Upstream bug https://github.com/distcc/distcc/issues/155
Diffstat (limited to 'data/CVE/list.2004')
-rw-r--r-- | data/CVE/list.2004 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list.2004 b/data/CVE/list.2004 index f1acfcb5e1..5a5ef9521c 100644 --- a/data/CVE/list.2004 +++ b/data/CVE/list.2004 @@ -197,6 +197,9 @@ CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...) - distcc 2.18.1-1 (low) NOTE: since 2.18.1-1 there is the --allow switch to control network access + NOTE: https://github.com/distcc/distcc/issues/155 + NOTE: Fix in depth is only in later version 3.3, cf. + NOTE: https://bugs.debian.org/892973 CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...) NOT-FOR-US: Solaris CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...) |