[Git][security-tracker-team/security-tracker][master] Update information on old CVE-2017-11189/unrar-free
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 26 13:23:22 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
100a486d by Salvatore Bonaccorso at 2021-09-26T14:22:52+02:00
Update information on old CVE-2017-11189/unrar-free
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -264015,8 +264015,10 @@ CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled,
- unrar-free <unfixed> (unimportant)
NOTE: Affected debug code not enabled
CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
- - unrar-free <unfixed> (unimportant)
+ - unrar-free 1:0.0.1+cvs20140707-4 (unimportant)
NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION
+ NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate
CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
NOT-FOR-US: phpMyFAQ
CVE-2017-11186
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100a486da6492bacc8122f4e8950290bb9946b87
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100a486da6492bacc8122f4e8950290bb9946b87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210926/c17d7cc2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list