[Secure-testing-commits] r56966 - data/CVE

[Raphaël Hertzog]

Author: hertzog
Date: 2017-10-25 16:46:31 +0000 (Wed, 25 Oct 2017)
New Revision: 56966

Modified:
   data/CVE/list
Log:
zoneminder issues are fixed in unstable

Chris Lamb checked that the CVE have been fixed upstream:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733#53

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-25 15:32:12 UTC (rev 56965)
+++ data/CVE/list	2017-10-25 16:46:31 UTC (rev 56966)
@@ -25517,8 +25517,9 @@
 CVE-2017-7204 (A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The ...)
 	NOT-FOR-US: imdbphp
 CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder 1.30.2. The ...)
-	- zoneminder <unfixed> (bug #858329)
+	- zoneminder 1.30.4+dfsg-1 (bug #858329)
 	NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797
+	NOTE: Fixed in 1.30.2 upstream.
 CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana ...)
 	NOT-FOR-US: SLiMS
 CVE-2017-7201
@@ -29417,29 +29418,23 @@
 	NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
 CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...)
-	- zoneminder <unfixed> (bug #854272)
+	- zoneminder 1.30.4+dfsg-1 (bug #854272)
 	[jessie] - zoneminder <no-dsa> (Minor issue)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
 CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows ...)
-	- zoneminder <unfixed> (bug #854272)
+	- zoneminder 1.30.4+dfsg-1 (bug #854272)
 	[jessie] - zoneminder <no-dsa> (Minor issue)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
 CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows ...)
-	- zoneminder <unfixed> (bug #854272)
+	- zoneminder 1.30.4+dfsg-1 (bug #854272)
 	[jessie] - zoneminder <no-dsa> (Minor issue)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
 CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
-	- zoneminder <unfixed> (bug #854272)
+	- zoneminder 1.30.4+dfsg-1 (bug #854272)
 	[jessie] - zoneminder <no-dsa> (Minor issue)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
 CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
-	- zoneminder <unfixed> (bug #854272)
+	- zoneminder 1.30.4+dfsg-1 (bug #854272)
 	[jessie] - zoneminder <no-dsa> (Minor issue)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
 CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
-	- zoneminder <unfixed> (bug #854272)
+	- zoneminder 1.30.4+dfsg-1 (bug #854272)
 	[jessie] - zoneminder <no-dsa> (Minor issue)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
 CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
 	- linux 4.9.10-1
 	[jessie] - linux 3.16.43-1
@@ -31421,11 +31416,9 @@
 CVE-2017-5369
 	RESERVED
 CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, ...)
-	- zoneminder <unfixed> (bug #854733)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
+	- zoneminder 1.30.4+dfsg-1 (bug #854733)
 CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link input ...)
-	- zoneminder <unfixed> (bug #854733)
-	TODO: check, claimed to be fixed in 1.30.4+dfsg-1 but not yet verified
+	- zoneminder 1.30.4+dfsg-1 (bug #854733)
 CVE-2017-5366
 	RESERVED
 CVE-2017-5365