[Secure-testing-commits] r57803 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Nov 18 22:37:15 UTC 2017
Author: carnil
Date: 2017-11-18 22:37:15 +0000 (Sat, 18 Nov 2017)
New Revision: 57803
Modified:
data/CVE/list
Log:
Add CVE-2017-16882/icinga
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-18 22:09:46 UTC (rev 57802)
+++ data/CVE/list 2017-11-18 22:37:15 UTC (rev 57803)
@@ -2,7 +2,11 @@
- ming <removed>
NOTE: https://github.com/libming/libming/issues/77
CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...)
- TODO: check
+ - icinga <not-affected> (Doesn't affect Icinga 1.x as packaged in Debian)
+ NOTE: https://github.com/Icinga/icinga-core/issues/1601
+ NOTE: State is not fully correct, since "affected" source would be there,
+ NOTE: But Debian does not install the binaries nor configuration files as
+ NOTE: respective icinga user.
CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON ...)
TODO: check
CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...)
More information about the Secure-testing-commits
mailing list