[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-1000053/limesurvey, itp'ed: #472802

Salvatore Bonaccorso carnil at debian.org
Sat Feb 10 09:59:55 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c644b392 by Salvatore Bonaccorso at 2018-02-10T10:59:15+01:00
Add CVE-2018-1000053/limesurvey, itp'ed: #472802

- - - - -
064fc571 by Salvatore Bonaccorso at 2018-02-10T10:59:38+01:00
Associate CVE-2012-4927 with limesurvey

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -584,7 +584,7 @@ CVE-2018-1000055 (Jenkins Android Lint Plugin 2.5 and earlier processes XML exte
 CVE-2018-1000054 (Jenkins CCM Plugin 3.1 and earlier processes XML external entities in ...)
 	NOT-FOR-US: Jenkins CCM Plugin
 CVE-2018-1000053 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request ...)
-	TODO: check
+	- limesurvey <itp> (bug #472802)
 CVE-2018-1000052 (fmtlib version prior to version 4.1.0 (before commit ...)
 	- fmtlib <unfixed>
 	NOTE: https://github.com/fmtlib/fmt/issues/642
@@ -174394,7 +174394,7 @@ CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Goo
 CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
 	NOT-FOR-US: Oxwall 1.1.1
 CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
-	NOT-FOR-US: Limesurvey
+	- limesurvey <itp> (bug #472802)
 CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
 	NOT-FOR-US: Img Pals Photo Host 1.0
 CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6a34ad2765a94a1e7d2ae8c5f6c97146fbc99ef9...064fc571bbd2b558217f56f23c302c0a0f443360

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6a34ad2765a94a1e7d2ae8c5f6c97146fbc99ef9...064fc571bbd2b558217f56f23c302c0a0f443360
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180210/60c882bf/attachment-0001.html>

More information about the Secure-testing-commits mailing list