[Secure-testing-commits] r46950 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 10 07:08:03 UTC 2016
Author: carnil
Date: 2016-12-10 07:08:03 +0000 (Sat, 10 Dec 2016)
New Revision: 46950
Modified:
data/CVE/list
Log:
Update status for CVE-2016-9140
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-10 06:50:29 UTC (rev 46949)
+++ data/CVE/list 2016-12-10 07:08:03 UTC (rev 46950)
@@ -9513,11 +9513,11 @@
RESERVED
CVE-2016-9140 [RCE]
RESERVED
- - zabbix <unfixed> (bug #842702; unimportant)
+ - zabbix 1:3.0.6+dfsg-1 (bug #842702; unimportant)
NOTE: https://www.exploit-db.com/exploits/39937/
NOTE: Claimed to be not a vulnerability but a superadmin using a feature
- NOTE: as intended.
- TODO: check if needs to be rejected.
+ NOTE: as intended. 1:3.0.6+dfsg-1 improved the API script.execute validation.
+ TODO: wait for CVE REJECT and remove entry
CVE-2016-9139 [An attacker could trick an authenticated agent or customer into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context]
RESERVED
- otrs2 5.0.14-1 (bug #843091)
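Review bot: The added NOTE on the CVE-2016-9140 entry states that 1:3.0.6+dfsg-1 improved the API script.execute validation but gives no upstream reference, so the fixed version now recorded on the zabbix line cannot be verified from the entry alone. Consider adding a NOTE line that points to the upstream change or changelog item. The entry also now carries a fixed version while the preceding NOTE still describes the report as a superadmin using a feature as intended and the TODO plans removal after a CVE REJECT. A few words in the NOTE saying the version marks a hardening rather than a fix for a confirmed flaw would keep the entry from reading as contradictory.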