Author: carnil
Date: 2017-11-19 19:22:54 +0000 (Sun, 19 Nov 2017)
New Revision: 57834
Modified:
data/CVE/list
Log:
Add note on commit introducing the --checksum-choice option
Note for reviewers: Possibly only after that commit the archaic
checksums are not properly handled. Before that there was not the coice
of the checksum and arguably.
Follow the triage from Thorsten Alteholz in the next commit and mark
all versions in Debian as not-affected.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-19 19:12:05 UTC (rev 57833)
+++ data/CVE/list 2017-11-19 19:22:54 UTC (rev 57834)
@@ -2881,8 +2881,11 @@
NOTE:
https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
NOTE:
https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
NOTE: And possibly the following two commits on top:
- NOTE:
https://git.samba.org/?p=rsync.git;a=commith=bc112b0e7feece62ce98708092306639a8a53cce
+ NOTE:
https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce
NOTE:
https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3
+ NOTE: The following commit introduced special handling of archaic
versions / handling of
+ NOTE: --checksum-choice option to choose the checksum algorithms:
+ NOTE:
https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598
CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the
restaurant-menu.php ...)
NOT-FOR-US: Zomato Clone Script
CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id'
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
