[Secure-testing-commits] r41916 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri May 20 15:54:36 UTC 2016
Author: carnil
Date: 2016-05-20 15:54:35 +0000 (Fri, 20 May 2016)
New Revision: 41916
Modified:
data/CVE/list
Log:
Mark CVE-2016-4338 as no-dsa
Note for reviewers: decided to mark this as no-dsa, since hopefully in
usual zabbix agent configurations only the Zabbix server is configured
in the Server variable, and thus the issue exploitable only from server
or by spoofing that ip.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-20 15:53:51 UTC (rev 41915)
+++ data/CVE/list 2016-05-20 15:54:35 UTC (rev 41916)
@@ -1568,6 +1568,7 @@
CVE-2016-4338 [zabbix-agent: mysql.size shell command injection]
RESERVED
- zabbix <unfixed> (bug #823329)
+ [jessie] - zabbix <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/May/11
NOTE: https://support.zabbix.com/browse/ZBX-10741
CVE-2016-4337
More information about the Secure-testing-commits
mailing list