[Git][security-tracker-team/security-tracker][master] Update CVE-2017-11509 information

Sun, 22 Apr 2018 22:33:11 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43489ca9 by Salvatore Bonaccorso at 2018-04-23T07:31:15+02:00
Update CVE-2017-11509 information

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44876,14 +44876,16 @@ CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 
is vulnerable to arbitrary
 CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera 
that ...)
        NOT-FOR-US: Wanscam's HW0021 network camera
 CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in 
...)
-       - firebird3.0 <unfixed>
+       - firebird3.0 3.0.3.32900.ds4-3
        [stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in 
a future update)
        - firebird2.5 <removed>
        [jessie] - firebird2.5 <no-dsa> (Minor issue, can be fixed along in a 
future update)
        NOTE: https://www.tenable.com/security/research/tra-2017-36
        NOTE: Firebird upstream responded to Tenable the issue is not intended 
to be addressed
        NOTE: in "any current release".
-       NOTE: steps to reproduce (partly) in: 
https://lists.debian.org/[email protected]
+       NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a 
source code fix,
+       NOTE: and might actually be considered more justof a mitigation.
+       NOTE: Steps to reproduce (partly) in: 
https://lists.debian.org/[email protected]
 CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL 
Injection ...)
        NOT-FOR-US: SecurityCenter
 CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK 
versions ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43489ca949bdd7ae93b46b53540c806341f2da1f

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43489ca949bdd7ae93b46b53540c806341f2da1f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to