[Secure-testing-commits] r53426 - data/CVE

Raphaël Hertzog Wed, 12 Jul 2017 21:17:36 -0700

Author: hertzog
Date: 2017-07-13 04:16:27 +0000 (Thu, 13 Jul 2017)
New Revision: 53426


Modified:
   data/CVE/list
Log:
Mark CVE-2017-11163 as not-affected on all releases

The aggregate_graphs.php file is not present in our releases.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-13 01:11:50 UTC (rev 53425)
+++ data/CVE/list       2017-07-13 04:16:27 UTC (rev 53426)
@@ -100,6 +100,12 @@
        TODO: check
 CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in 
aggregate_graphs.php in ...)
        - cacti 1.1.12+ds1-1 (bug #868080)
+       [stretch] - cacti <not-affected> (Vulnerable code introduced later)
+       [jessie] - cacti <not-affected> (Vulnerable code introduced later)
+       [wheezy] - cacti <not-affected> (Vulnerable code introduced later)
+       NOTE: aggregate_graphs.php not available in 0.8.8.
+       NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
+       NOTE: but produced this patch anyway: 
https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
 CVE-2017-11162
        RESERVED
 CVE-2017-11161


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r53426 - data/CVE

Reply via email to