[Secure-testing-commits] r58907 - data/CVE

Mon Dec 25 08:32:05 UTC 2017

Author: carnil
Date: 2017-12-25 08:32:05 +0000 (Mon, 25 Dec 2017)
New Revision: 58907

Modified:
   data/CVE/list
Log:
Add four new dolibarr issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-12-24 21:10:13 UTC (rev 58906)
+++ data/CVE/list	2017-12-25 08:32:05 UTC (rev 58907)
@@ -1,13 +1,18 @@
 CVE-2017-17901
 	RESERVED
 CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
-	TODO: check
+	- dolibarr <unfixed>
+	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
 CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...)
-	TODO: check
+	- dolibarr <unfixed>
+	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
 CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...)
-	TODO: check
+	- dolibarr <unfixed>
+	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
+	NOTE: https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c
 CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...)
-	TODO: check
+	- dolibarr <unfixed>
+	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
 CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...)
 	TODO: check
 CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name array ...)


