[Secure-testing-commits] r58668 - data/CVE
Raphael Geissert
geissert at moszumanska.debian.org
Sun Dec 17 23:15:59 UTC 2017
Author: geissert
Date: 2017-12-17 23:15:58 +0000 (Sun, 17 Dec 2017)
New Revision: 58668
Modified:
data/CVE/list
Log:
gitlab, nexus NFU, ruby-net-ldap issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 21:10:12 UTC (rev 58667)
+++ data/CVE/list 2017-12-17 23:15:58 UTC (rev 58668)
@@ -1,9 +1,11 @@
-CVE-2017-17718
+CVE-2017-17718 [Net::Ldap missing certificate validation]
RESERVED
+ - ruby-net-ldap <unfixed>
+ NOTE: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
CVE-2017-17717 (Sonatype Nexus Repository Manager through 2.14.5 has weak password ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus
CVE-2017-17716 (GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate ...)
- TODO: check
+ - gitlab <not-affected> (vulnerable version never uploaded to the archive)
CVE-2017-17715 (The saveFile method in MediaController.java in the Telegram Messenger ...)
NOT-FOR-US: Telegram Messenger for Android
CVE-2017-17714 (Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId ...)
More information about the Secure-testing-commits
mailing list