[Secure-testing-commits] r53426 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Jul 13 04:16:27 UTC 2017
Author: hertzog
Date: 2017-07-13 04:16:27 +0000 (Thu, 13 Jul 2017)
New Revision: 53426
Modified:
data/CVE/list
Log:
Mark CVE-2017-11163 as not-affected on all releases
The aggregate_graphs.php file is not present in our releases.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-13 01:11:50 UTC (rev 53425)
+++ data/CVE/list 2017-07-13 04:16:27 UTC (rev 53426)
@@ -100,6 +100,12 @@
TODO: check
CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
- cacti 1.1.12+ds1-1 (bug #868080)
+ [stretch] - cacti <not-affected> (Vulnerable code introduced later)
+ [jessie] - cacti <not-affected> (Vulnerable code introduced later)
+ [wheezy] - cacti <not-affected> (Vulnerable code introduced later)
+ NOTE: aggregate_graphs.php not available in 0.8.8.
+ NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
+ NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
CVE-2017-11162
RESERVED
CVE-2017-11161
More information about the Secure-testing-commits
mailing list