[Secure-testing-commits] r54572 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-08-10 20:05:45 +0000 (Thu, 10 Aug 2017)
New Revision: 54572

Modified:
   data/CVE/list
Log:
Add reported bugs for mercurial

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-10 19:50:33 UTC (rev 54571)
+++ data/CVE/list	2017-08-10 20:05:45 UTC (rev 54572)
@@ -1,11 +1,11 @@
 CVE-2017-1000117
 	- git 1:2.14.1-1
 	NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
-CVE-2017-1000116
-	- mercurial <unfixed>
+CVE-2017-1000116 [command injection on clients through malicious ssh URLs]
+	- mercurial <unfixed> (bug #871710)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
-CVE-2017-1000115
-	- mercurial <unfixed>
+CVE-2017-1000115 [path traversal via symlink]
+	- mercurial <unfixed> (bug #871709)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
 CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some ...)
 	NOT-FOR-US: NexusPHP