[Secure-testing-commits] r56967 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Oct 25 17:56:39 UTC 2017
Author: hertzog
Date: 2017-10-25 17:56:34 +0000 (Wed, 25 Oct 2017)
New Revision: 56967
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE triaging on zoneminder
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-25 16:46:31 UTC (rev 56966)
+++ data/CVE/list 2017-10-25 17:56:34 UTC (rev 56967)
@@ -25518,6 +25518,7 @@
NOT-FOR-US: imdbphp
CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder 1.30.2. The ...)
- zoneminder 1.30.4+dfsg-1 (bug #858329)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797
NOTE: Fixed in 1.30.2 upstream.
CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana ...)
@@ -29420,21 +29421,27 @@
CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...)
- zoneminder 1.30.4+dfsg-1 (bug #854272)
[jessie] - zoneminder <no-dsa> (Minor issue)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows ...)
- zoneminder 1.30.4+dfsg-1 (bug #854272)
[jessie] - zoneminder <no-dsa> (Minor issue)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows ...)
- zoneminder 1.30.4+dfsg-1 (bug #854272)
[jessie] - zoneminder <no-dsa> (Minor issue)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
- zoneminder 1.30.4+dfsg-1 (bug #854272)
[jessie] - zoneminder <no-dsa> (Minor issue)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
- zoneminder 1.30.4+dfsg-1 (bug #854272)
[jessie] - zoneminder <no-dsa> (Minor issue)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
- zoneminder 1.30.4+dfsg-1 (bug #854272)
[jessie] - zoneminder <no-dsa> (Minor issue)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
- linux 4.9.10-1
[jessie] - linux 3.16.43-1
@@ -31417,8 +31424,11 @@
RESERVED
CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, ...)
- zoneminder 1.30.4+dfsg-1 (bug #854733)
+ [wheezy] - zoneminder <no-dsa> (Too intrusive to backport)
+ NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1822
CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link input ...)
- zoneminder 1.30.4+dfsg-1 (bug #854733)
+ [wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2017-5366
RESERVED
CVE-2017-5365
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-10-25 16:46:31 UTC (rev 56966)
+++ data/dla-needed.txt 2017-10-25 17:56:34 UTC (rev 56967)
@@ -169,7 +169,4 @@
NOTE: 20170711: Pinged upstream (lamby)
--
zoneminder
- NOTE: Sql injection and session fixation vulerability fixes:
- NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1764/files
- NOTE: No CVE assigned.
--
More information about the Secure-testing-commits
mailing list