[Secure-testing-commits] r52589 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jun 15 18:51:48 UTC 2017


Author: carnil
Date: 2017-06-15 18:51:40 +0000 (Thu, 15 Jun 2017)
New Revision: 52589

Modified:
   data/CVE/list
Log:
Add new CVEs for request-tracker4 (and rt-authen-externalauth)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-15 18:44:06 UTC (rev 52588)
+++ data/CVE/list	2017-06-15 18:51:40 UTC (rev 52589)
@@ -10797,10 +10797,12 @@
 	NOTE: https://github.com/rubyzip/rubyzip/issues/315
 CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
 	NOT-FOR-US: Moodle plugin
-CVE-2017-5944
+CVE-2017-5944 [Remote code execution in dashboard interface]
 	RESERVED
-CVE-2017-5943
+	- request-tracker4 <unfixed>
+CVE-2017-5943 [CSRF verification token information leak]
 	RESERVED
+	- request-tracker4 <unfixed>
 CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...)
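Review bot: the two new request-tracker4 entries (CVE-2017-5944 and CVE-2017-5943) carry bracketed descriptions and `<unfixed>` markers but no `NOTE:` line pointing at an upstream advisory or fix commit, unlike the CVE-2017-5361 entry in this same commit; a reference line such as `NOTE: <upstream advisory or commit URL>` would let the next triager verify the fixed version without re-researching. Also worth confirming that neither issue also applies to rt-authen-externalauth, since the commit message mentions that package but only CVE-2017-5361 references it.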
@@ -13069,8 +13071,11 @@
 	RESERVED
 CVE-2017-5362
 	RESERVED
-CVE-2017-5361
+CVE-2017-5361 [Timing side-channel vulnerability in password verification]
 	RESERVED
+	- request-tracker4 <unfixed>
+	- rt-authen-externalauth <removed>
+	NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
 CVE-2017-5360
 	RESERVED
 CVE-2017-5359 (EasyCom SQL iPlug allows remote attackers to cause a denial of service ...)
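Review bot: the `NOTE:` URL added for CVE-2017-5361 points at the rt-authen-externalauth repository fix, but the `request-tracker4 <unfixed>` line above it has no corresponding reference, so it is unclear whether the same commit covers the copy of the authentication code shipped in request-tracker4 or whether a separate upstream fix is still pending; a second `NOTE:` naming the request-tracker4 fix (or stating that it is awaited) would make the `<unfixed>` status traceable. The `<removed>` status for rt-authen-externalauth is consistent with the package no longer being in the archive, but a short note saying so would explain why no fixed version is recorded.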
@@ -37950,8 +37955,9 @@
 	NOTE: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
 	NOTE: The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in
 	NOTE: libtomcrypt, thus keep that source package as well for now associated.
-CVE-2016-6127
+CVE-2016-6127 [XSS in file uploads]
 	RESERVED
+	- request-tracker4 <unfixed>
 CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
 	NOT-FOR-US: IBM
 CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...)
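Review bot: CVE-2016-6127 is added for request-tracker4 with the description `[XSS in file uploads]` and `<unfixed>` but, as with the other new entries, no `NOTE:` reference to the upstream advisory or fix commit; adding one would help confirm the affected versions before a fixed-in version is recorded. Unrelated to this change, the unchanged context line `NOTE: The CVE is originally assigend to OP-TEE` in the libtomcrypt entry has a typo (`assigend` for `assigned`) that could be fixed in a follow-up commit.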