Author: pabs Date: 2017-11-20 15:56:49 +0000 (Mon, 20 Nov 2017) New Revision: 57855
Modified: data/CVE/list Log: busybox: autocompletion escape sequence vulnerability Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-20 15:54:54 UTC (rev 57854) +++ data/CVE/list 2017-11-20 15:56:49 UTC (rev 57855) @@ -1244,8 +1244,11 @@ NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. -CVE-2017-16544 +CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion] RESERVED + - busybox <unfixed> + NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ + NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...) NOT-FOR-US: Zoho CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows Post-authentication ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits