Author: carnil
Date: 2017-11-23 15:52:01 +0000 (Thu, 23 Nov 2017)
New Revision: 57964

Modified:
   data/CVE/list
Log:
Update CVE-2017-9299 status

The state is not fully correct. But the original report is too vague
and unclear to be tracked down, and after upstream's look at it, it is
still not clear where it has been fixed. It's not reproducible but
unclear if really fixed.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-23 15:21:50 UTC (rev 57963)
+++ data/CVE/list       2017-11-23 15:52:01 UTC (rev 57964)
@@ -22421,10 +22421,13 @@
        [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
        NOTE: 
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
 CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in ...)
-       - otrs2 <undetermined>
+       - otrs2 <unfixed> (unimportant)
        NOTE: The issue is most likely fixed in the 3.x series already before 
3.3.17.
        NOTE: The exact issue, fixing commits and upstream version was not yet 
tracked
        NOTE: down.
+       NOTE: Furthermore the original report is quite vague/unclear and 
upstream can
+       NOTE: not track the issue down to a specific fixed release claims 
though that
+       NOTE: it should not be reproducible with versions later than 3.3.17.
 CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager 
before ...)
        NOT-FOR-US: Hitacho Device Manager
 CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 
8.5.2-01 ...)
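
Review bot: The new status line "- otrs2 <unfixed> (unimportant)" carries no stated reason for the unimportant severity, and it sits directly above an existing NOTE saying the issue is most likely fixed in the 3.x series before 3.3.17, so a reader of the list cannot tell whether the package is believed affected. Suggest a NOTE that says explicitly why the entry is tagged this way (report too vague to track down, not reproducible per upstream), so the tag is not read as a confirmed open bug. The added NOTE also runs two clauses together at "fixed release claims though that"; something like "fixed release, but claims that it should not be reproducible with versions later than 3.3.17" would read cleanly. The older NOTE "The exact issue, fixing commits and upstream version was not yet tracked down." now overlaps with the new text and could be merged into it.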


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
