CVE-2016-6342

Priority
Description
elog 3.1.1 allows remote attackers to post data as any username in the
logbook.
Notes
Package
Source: elog (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.1.2-1-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.1.2-1-1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (3.1.2-1-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (3.1.2-1-1)
Patches:
Upstream:https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
Upstream:https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
More Information

Updated: 2020-06-11 00:14:33 UTC (commit 880cc309188f5eb5da57010c3eb035e4a00db194)