[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove dolibarr entries, pending for removal of today's 9.4
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 10 07:19:00 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd64668a by Salvatore Bonaccorso at 2018-03-10T08:18:36+01:00
Remove dolibarr entries, pending for removal of today's 9.4
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11284,7 +11284,6 @@ CVE-2017-17972
RESERVED
CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in ...)
- dolibarr <removed> (bug #885828)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/issues/8000
CVE-2018-3809
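Review bot: the subject says "Remove dolibarr entries", but at CVE-2017-17971 the hunk header drops only one line (7 to 6) and the `- dolibarr <removed> (bug #885828)` and `[jessie]` lines stay in place. Since the message ties the change to 9.4, wording such as "Drop [stretch] annotations for dolibarr" would state the scope accurately for anyone reading the log later.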
@@ -11917,23 +11916,19 @@ CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denia
NOT-FOR-US: ZyXEL
CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885321)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...)
- dolibarr <removed> (bug #885321)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...)
- dolibarr <removed> (bug #885321)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
NOTE: https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c
CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885321)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...)
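Review bot: the four `[stretch] - dolibarr <no-dsa> (Minor issue)` lines dropped here, at CVE-2017-17900 through CVE-2017-17897, record a triage decision, while the commit message describes the stretch removal as still pending. If this lands before the package is actually gone from stretch, these CVEs lose their no-dsa marking while the package is still shipped. Suggest merging once 9.4 is out, or saying in the message body that the removal is confirmed.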
@@ -30376,27 +30371,22 @@ CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL .
NOT-FOR-US: UTStar
CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
- dolibarr <removed> (bug #885319)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 ...)
- dolibarr <removed> (bug #885320)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14240 (There is a sensitive information disclosure vulnerability in ...)
- dolibarr <removed> (bug #885320)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885320)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM ...)
- dolibarr <removed> (bug #885320)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14237
@@ -41666,7 +41656,6 @@ CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5
NOTE: http://phpunit.vulnbusters.com/
CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload ...)
- dolibarr <removed> (bug #867495)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-9839
RESERVED
@@ -44549,7 +44538,6 @@ CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...)
NOT-FOR-US: TeamPass
CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...)
- dolibarr 5.0.4+dfsg3-1 (bug #864569)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read ...)
@@ -46489,7 +46477,6 @@ CVE-2017-8880
RESERVED
CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
NOT-FOR-US: ASUS
@@ -49287,17 +49274,14 @@ CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c
NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- [stretch] - dolibarr <no-dsa> (Minor issue)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
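Review bot: nothing in the CVE-2017-7888, CVE-2017-7887 and CVE-2017-7886 entries, or in the commit message, points to the removal request behind this change; the only bug cited is #863544, which the unstable line already carried. A reference to the removal request in the message body would let a later reader confirm why the stretch annotations disappeared while the `[jessie]` ones remain.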
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd64668a822c412f83a5e63e5313b5cb2a28d508