[Secure-testing-commits] r56053 - in data: . CVE

Sat, 23 Sep 2017 07:14:28 -0700 

Author: pochu
Date: 2017-09-23 14:14:03 +0000 (Sat, 23 Sep 2017)
New Revision: 56053

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
CVE-2017-1000031/cacti: mark as ignored for wheezy too

This is already fixed in wheezy, but let's follow jessie here in case
we missed some change.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-23 14:08:36 UTC (rev 56052)
+++ data/CVE/list       2017-09-23 14:14:03 UTC (rev 56053)
@@ -9990,6 +9990,7 @@
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in 
Cacti ...)
        - cacti 0.8.8e+ds1-1
        [jessie] - cacti <ignored> (Minor issue, can be mitigated with Web 
Application Firewalls)
+       [wheezy] - cacti <ignored> (Minor issue, can be mitigated with Web 
Application Firewalls)
        NOTE: 
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
        NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and 
CVE-2016-3172.
        NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability 
than
@@ -9998,7 +9999,7 @@
        NOTE: vectors with this vulnerability, and covers different attack 
vectors than
        NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to 
be
        NOTE: independently fixable from said vulnerability based on the fix 
provided here:
-       NOTE: https://github.com/Cacti/cacti/issues/866.
+       NOTE: https://github.com/Cacti/cacti/issues/866
        NOTE: According to 
https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
        NOTE: the first issue was fixed by 
https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
        NOTE: whereas the second issue was fixed by 
https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-23 14:08:36 UTC (rev 56052)
+++ data/dla-needed.txt 2017-09-23 14:14:03 UTC (rev 56053)
@@ -15,9 +15,6 @@
 ca-certificates
   NOTE: 20170719: maintainer will handle the upload, see 
https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org
 --
-cacti (Emilio Pozuelo)
-  NOTE: 20170809: note that there is some "drama" re. duplicates. See 
<https://security-tracker.debian.org/tracker/CVE-2017-1000031> (lamby)
---
 check-mk
   NOTE: the code is different in wheezy but from a cursory look, there
   NOTE: might be multiple places where error messages are not properly


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to