[Secure-testing-commits] r57964 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 23 15:52:01 UTC 2017
Author: carnil
Date: 2017-11-23 15:52:01 +0000 (Thu, 23 Nov 2017)
New Revision: 57964
Modified:
data/CVE/list
Log:
Update CVE-2017-9299 status
The state is not fully correct. But the original report ist too vague
and unclear to be tracked down, and after upstream's look at it ist
still not clear where it has been fixed. It's not reproducible but
unclear if really fixed.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-23 15:21:50 UTC (rev 57963)
+++ data/CVE/list 2017-11-23 15:52:01 UTC (rev 57964)
@@ -22421,10 +22421,13 @@
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in ...)
- - otrs2 <undetermined>
+ - otrs2 <unfixed> (unimportant)
NOTE: The issue is most likely fixed in the 3.x series already before 3.3.17.
NOTE: The exact issue, fixing commits and upstream version was not yet tracked
NOTE: down.
+ NOTE: Furthermore the original report is quite vague/unclear and upstream can
+ NOTE: not track the issue down to a specific fixed release claims though that
+ NOTE: it should not be reproducible with versions later than 3.3.17.
CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager before ...)
NOT-FOR-US: Hitacho Device Manager
CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
More information about the Secure-testing-commits
mailing list