[Secure-testing-commits] r46764 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Dec 4 15:04:01 UTC 2016


Author: carnil
Date: 2016-12-04 15:04:00 +0000 (Sun, 04 Dec 2016)
New Revision: 46764

Modified:
   data/CVE/list
Log:
Update notes for CVE-2016-9140, add TODO

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-04 13:55:53 UTC (rev 46763)
+++ data/CVE/list	2016-12-04 15:04:00 UTC (rev 46764)
@@ -7304,8 +7304,11 @@
 	RESERVED
 CVE-2016-9140 [RCE]
 	RESERVED
-	- zabbix <unfixed> (bug #842702)
+	- zabbix <unfixed> (bug #842702; unimportant)
 	NOTE: https://www.exploit-db.com/exploits/39937/
+	NOTE: Claimed to be not a vulnerability but a superadmin using a feature
+	NOTE: as intended.
+	TODO: check if needs to be rejected.
 CVE-2016-9139 [An attacker could trick an authenticated agent or customer into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context]
 	RESERVED
 	- otrs2 5.0.14-1 (bug #843091)
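Review bot: The two added NOTE lines under CVE-2016-9140 say the issue is "claimed to be not a vulnerability" without saying who makes the claim or where it was made. Add a NOTE with the URL of that statement, or point to the relevant message in bug #842702, so that whoever resolves the TODO can verify it. The same change also tags the entry as unimportant while the TODO on rejection is still open. The NOTE should state that the unimportant tag rests on this claim and needs revisiting if the CVE is not rejected.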



