[Secure-testing-commits] r56639 - data/CVE

Thu Oct 12 09:16:58 UTC 2017

Author: jmm
Date: 2017-10-12 09:16:58 +0000 (Thu, 12 Oct 2017)
New Revision: 56639

Modified:
   data/CVE/list
Log:
new sqlite issue
NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-10-12 09:15:23 UTC (rev 56638)
+++ data/CVE/list	2017-10-12 09:16:58 UTC (rev 56639)
@@ -3,7 +3,8 @@
 CVE-2017-15287
 	RESERVED
 CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...)
-	TODO: check
+	- sqlite3 <unfixed> (low)
+	NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
 CVE-2017-15285 (X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote ...)
 	NOT-FOR-US: X-Cart
 CVE-2017-15284 (Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), ...)
@@ -1908,9 +1909,9 @@
 CVE-2017-14589
 	RESERVED
 CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-14586
 	RESERVED
 CVE-2017-14585


