[Secure-testing-commits] r51704 - in data: CVE DLA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed May 17 19:07:49 UTC 2017


Author: carnil
Date: 2017-05-17 19:07:49 +0000 (Wed, 17 May 2017)
New Revision: 51704

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVE assigned for deluge

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-17 19:06:24 UTC (rev 51703)
+++ data/CVE/list	2017-05-17 19:07:49 UTC (rev 51704)
@@ -216,10 +216,8 @@
 	NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
 CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
 	NOT-FOR-US: mailcow
-CVE-2017-XXXX [deluge-webui: directory traversal attack vulnerability]
+CVE-2017-9031 [deluge-webui: directory traversal attack vulnerability]
 	- deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
-	[wheezy] - deluge 1.3.3-2+nmu1+deb7u2
-	NOTE: Workaround entry for DLA-943-1 until CVE assigned
 	NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
 	NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
 CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...)

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-05-17 19:06:24 UTC (rev 51703)
+++ data/DLA/list	2017-05-17 19:07:49 UTC (rev 51704)
@@ -5,6 +5,7 @@
 	{CVE-2017-7479}
 	[wheezy] - openvpn 2.2.1-8+deb7u4
 [16 May 2017] DLA-943-1 deluge - security update
+	{CVE-2017-9031}
 	[wheezy] - deluge 1.3.3-2+nmu1+deb7u2
 [15 May 2017] DLA-942-1 jbig2dec - security update
 	{CVE-2017-7885 CVE-2017-7975 CVE-2017-7976}




More information about the Secure-testing-commits mailing list