[Secure-testing-commits] r54173 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 1 09:29:30 UTC 2017
Author: carnil
Date: 2017-08-01 09:29:30 +0000 (Tue, 01 Aug 2017)
New Revision: 54173
Modified:
data/CVE/list
Log:
Add CVE-2017-12066/cacti
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-01 09:27:16 UTC (rev 54172)
+++ data/CVE/list 2017-08-01 09:29:30 UTC (rev 54173)
@@ -129,7 +129,12 @@
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
TODO: check
CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
- TODO: check
+ - cacti <unfixed>
+ [stretch] - cacti <not-affected> (Vulnerable code introduced later)
+ [jessie] - cacti <not-affected> (Vulnerable code introduced later)
+ [wheezy] - cacti <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
+ NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12065 (spikekill.php in Cacti before 1.1.16 might allow remote attackers to ...)
- cacti <unfixed>
[stretch] - cacti <not-affected> (Vulnerable code introduced later)
More information about the Secure-testing-commits
mailing list