Author: hertzog Date: 2017-07-13 04:16:27 +0000 (Thu, 13 Jul 2017) New Revision: 53426
Modified: data/CVE/list Log: Mark CVE-2017-11163 as not-affected on all releases The aggregate_graphs.php file is not present in our releases. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-13 01:11:50 UTC (rev 53425) +++ data/CVE/list 2017-07-13 04:16:27 UTC (rev 53426) @@ -100,6 +100,12 @@ TODO: check CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...) - cacti 1.1.12+ds1-1 (bug #868080) + [stretch] - cacti <not-affected> (Vulnerable code introduced later) + [jessie] - cacti <not-affected> (Vulnerable code introduced later) + [wheezy] - cacti <not-affected> (Vulnerable code introduced later) + NOTE: aggregate_graphs.php not available in 0.8.8. + NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE + NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4 CVE-2017-11162 RESERVED CVE-2017-11161 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits