Candidate: CVE-2013-7436
PublicDate: 2015-04-10 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7436
 https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
Description:
 noVNC before 0.5 does not set the secure flag for a cookie in an https
 session, which makes it easier for remote attackers to capture this cookie
 by intercepting its transmission within an http session.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778618
 https://bugzilla.redhat.com/show_bug.cgi?id=1193451
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_novnc:
 upstream: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
upstream_novnc: released (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
lucid_novnc: DNE
precise_novnc: ignored (reached end-of-life)
precise/esm_novnc: DNE (precise was needed)
trusty_novnc: ignored (reached end-of-life)
trusty/esm_novnc: DNE (trusty was needed)
utopic_novnc: ignored (reached end-of-life)
vivid_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
vivid/stable-phone-overlay_novnc: DNE
vivid/ubuntu-core_novnc: DNE
wily_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
xenial_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
yakkety_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
zesty_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
artful_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
bionic_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
cosmic_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
disco_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)
devel_novnc: not-affected (1:0.4+dfsg+1+20131010+gitf68af8af3d-4)