Author: carnil
Date: 2017-08-08 20:13:03 +0000 (Tue, 08 Aug 2017)
New Revision: 54447

Modified:
   data/CVE/list
Log:
Update note for CVE-2017-1000031

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-08 20:04:36 UTC (rev 54446)
+++ data/CVE/list       2017-08-08 20:13:03 UTC (rev 54447)
@@ -3913,8 +3913,14 @@
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in 
Cacti ...)
        - cacti <unfixed>
        NOTE: 
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
-       NOTE: Finding 1 looks like duplicate of of CVE-2014-4002. Finding 2.1 
duplicate of
-       NOTE: CVE-2016-3172 and finding 2.2 as well duplicate of CVE-2014-4002.
+       NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and 
CVE-2016-3172.
+       NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability 
than
+       NOTE: CVE-2014-4002 and CVE-2016-3172. This is because they seprate on 
vulnerability
+       NOTE: type, so it cannot be a duplicate of CVE-2014-4002 despite 
sharing attack
+       NOTE: vectors with this vulnerability, and covers different attack 
vectors than
+       NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to 
be
+       NOTE: independently fixable from said vulnerability based on the fix 
provided here:
+       NOTE: https://github.com/Cacti/cacti/issues/866.
        NOTE: According to 
https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
        NOTE: the first issue was fixed by 
https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
        NOTE: whereas the secod issue was fixed by 
https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to