[Git][security-tracker-team/security-tracker][master] Update CVE-2017-11509 information

Salvatore Bonaccorso carnil at debian.org
Mon Apr 23 06:32:36 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43489ca9 by Salvatore Bonaccorso at 2018-04-23T07:31:15+02:00
Update CVE-2017-11509 information

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44876,14 +44876,16 @@ CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary
 CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that ...)
 	NOT-FOR-US: Wanscam's HW0021 network camera
 CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in ...)
-	- firebird3.0 <unfixed>
+	- firebird3.0 3.0.3.32900.ds4-3
 	[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
 	- firebird2.5 <removed>
 	[jessie] - firebird2.5 <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: https://www.tenable.com/security/research/tra-2017-36
 	NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
 	NOTE: in "any current release".
-	NOTE: steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
+	NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
+	NOTE: and might actually be considered more justof a mitigation.
+	NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
 CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
 	NOT-FOR-US: SecurityCenter
 CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43489ca949bdd7ae93b46b53540c806341f2da1f

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43489ca949bdd7ae93b46b53540c806341f2da1f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180423/e65ebd46/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list