[Secure-testing-commits] r56053 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Sat Sep 23 14:14:03 UTC 2017 

Author: pochu
Date: 2017-09-23 14:14:03 +0000 (Sat, 23 Sep 2017)
New Revision: 56053

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
CVE-2017-1000031/cacti: mark as ignored for wheezy too

This is already fixed in wheezy, but let's follow jessie here in case
we missed some change.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-23 14:08:36 UTC (rev 56052)
+++ data/CVE/list	2017-09-23 14:14:03 UTC (rev 56053)
@@ -9990,6 +9990,7 @@
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...)
 	- cacti 0.8.8e+ds1-1
 	[jessie] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls)
+	[wheezy] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls)
 	NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
 	NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172.
 	NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability than
@@ -9998,7 +9999,7 @@
 	NOTE: vectors with this vulnerability, and covers different attack vectors than
 	NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to be
 	NOTE: independently fixable from said vulnerability based on the fix provided here:
-	NOTE: https://github.com/Cacti/cacti/issues/866.
+	NOTE: https://github.com/Cacti/cacti/issues/866
 	NOTE: According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
 	NOTE: the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
 	NOTE: whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-09-23 14:08:36 UTC (rev 56052)
+++ data/dla-needed.txt	2017-09-23 14:14:03 UTC (rev 56053)
@@ -15,9 +15,6 @@
 ca-certificates
   NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155c5a@pbandjelly.org
 --
-cacti (Emilio Pozuelo)
-  NOTE: 20170809: note that there is some "drama" re. duplicates. See <https://security-tracker.debian.org/tracker/CVE-2017-1000031> (lamby)
---
 check-mk
   NOTE: the code is different in wheezy but from a cursory look, there
   NOTE: might be multiple places where error messages are not properly

More information about the Secure-testing-commits mailing list