Candidate: CVE-2016-6342
PublicDate: 2017-06-27 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6342
 https://bugzilla.redhat.com/show_bug.cgi?id=1371328
Description:
 elog 3.1.1 allows remote attackers to post data as any username in the
 logbook.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_elog:
 upstream: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
 upstream: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
upstream_elog: needs-triage
precise_elog: DNE
precise/esm_elog: DNE
trusty_elog: DNE
trusty/esm_elog: DNE
vivid/stable-phone-overlay_elog: DNE
vivid/ubuntu-core_elog: DNE
xenial_elog: ignored (end of standard support, was needed)
yakkety_elog: ignored (reached end-of-life)
zesty_elog: ignored (reached end-of-life)
artful_elog: ignored (reached end-of-life)
bionic_elog: not-affected (3.1.2-1-1)
cosmic_elog: not-affected (3.1.2-1-1)
disco_elog: not-affected (3.1.2-1-1)
eoan_elog: not-affected (3.1.2-1-1)
focal_elog: not-affected (3.1.2-1-1)
groovy_elog: not-affected (3.1.2-1-1)
hirsute_elog: not-affected (3.1.2-1-1)
impish_elog: not-affected (3.1.2-1-1)
jammy_elog: not-affected (3.1.2-1-1)
devel_elog: DNE