[Secure-testing-commits] r52406 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 8 04:41:30 UTC 2017
Author: carnil
Date: 2017-06-08 04:41:29 +0000 (Thu, 08 Jun 2017)
New Revision: 52406
Modified:
data/CVE/list
Log:
Update information for CVE-2017-9324/otrs2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-08 04:19:26 UTC (rev 52405)
+++ data/CVE/list 2017-06-08 04:41:29 UTC (rev 52406)
@@ -502,19 +502,7 @@
RESERVED
- otrs2 <unfixed> (bug #864319)
NOTE: https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
- NOTE: The security advisory is not very specific about the problem.
- NOTE: From the CHANGES.md file in 3.3.17 it is likely to be this problem
- NOTE: that have been dealt with:
- NOTE: 2017-05-31 Improved SecureMode detection in Installer.
- NOTE: Suspected file changes in 3.3.17 are the following:
- NOTE: bin/otrs.PackageManager.pl (good change but unknown security impact)
- NOTE: bin/otrs.SetPermissions.pl (looks like a security improvement at least)
- NOTE: bin/otrs.CheckModules.pl (probably not security related)
- NOTE: Kernel/Modules/Installer.pm (this is clearly a security fault!!!)
- NOTE: Kernel/Config/Files/Framework.xml (may be a security issue)
- NOTE: Kernel/System/SupportDataCollector.pm (may be a security issue)
- NOTE: It is clear that the package is vulnerable to something. Further
- NOTE: investigation is needed to pinpoint the exact vulnerability.
+ NOTE: https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
CVE-2017-9323
RESERVED
CVE-2017-9322
More information about the Secure-testing-commits
mailing list