Author: pochu Date: 2017-09-23 14:14:03 +0000 (Sat, 23 Sep 2017) New Revision: 56053
Modified: data/CVE/list data/dla-needed.txt Log: CVE-2017-1000031/cacti: mark as ignored for wheezy too This is already fixed in wheezy, but let's follow jessie here in case we missed some change. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-23 14:08:36 UTC (rev 56052) +++ data/CVE/list 2017-09-23 14:14:03 UTC (rev 56053) @@ -9990,6 +9990,7 @@ CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...) - cacti 0.8.8e+ds1-1 [jessie] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls) + [wheezy] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls) NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789 NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172. NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability than @@ -9998,7 +9999,7 @@ NOTE: vectors with this vulnerability, and covers different attack vectors than NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to be NOTE: independently fixable from said vulnerability based on the fix provided here: - NOTE: https://github.com/Cacti/cacti/issues/866. + NOTE: https://github.com/Cacti/cacti/issues/866 NOTE: According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448 NOTE: the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46 NOTE: whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5 Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-09-23 14:08:36 UTC (rev 56052) +++ data/dla-needed.txt 2017-09-23 14:14:03 UTC (rev 56053) 
@@ -15,9 +15,6 @@ ca-certificates NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org -- -cacti (Emilio Pozuelo) - NOTE: 20170809: note that there is some "drama" re. duplicates. See <https://security-tracker.debian.org/tracker/CVE-2017-1000031> (lamby) --- check-mk NOTE: the code is different in wheezy but from a cursory look, there NOTE: might be multiple places where error messages are not properly _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
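Review bot: In the data/CVE/list hunk at -9990, the added [wheezy] line gives "Minor issue, can be mitigated with Web Application Firewalls" as its reason, but the log message says the issue is already fixed in wheezy and that the entry only mirrors jessie as a precaution. Someone reading the tracker entry alone will conclude that wheezy is vulnerable and unpatched. Consider adding a NOTE line under the entry recording that the fix is believed to be present in wheezy and that <ignored> is kept in case a change was missed, so the status can be revisited later.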
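Review bot: In the data/dla-needed.txt hunk at -15, the cacti entry and its 20170809 NOTE are removed, yet the log message only describes marking the CVE as ignored in data/CVE/list. State in the log that the cacti entry is dropped from dla-needed.txt as a consequence of the <ignored> marking, so the removal is traceable from the commit history. The duplicate discussion that the removed NOTE pointed to remains documented in the NOTE lines kept under CVE-2017-1000031 in data/CVE/list.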