From 8ab7bd933e7631e761f794b86c721985f7f6783b Mon Sep 17 00:00:00 2001 From: Sylvain Beucler Date: Thu, 18 Nov 2021 17:05:19 +0100 Subject: CVE-2017-11509/firebird3.0: add bug reference --- data/CVE/list.2017 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 7c552d95ec..6d2a72c19f 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -21223,10 +21223,11 @@ CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in F [stretch] - firebird3.0 (Minor issue, can be fixed along in a future update) - firebird2.5 NOTE: https://www.tenable.com/security/research/tra-2017-36 + NOTE: https://github.com/FirebirdSQL/firebird/issues/5787 NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed NOTE: in "any current release". NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix, - NOTE: and might actually be considered more justof a mitigation. + NOTE: and might actually be considered more of just a mitigation. NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...) NOT-FOR-US: SecurityCenter -- cgit v1.2.3
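Review bot: The wording fix on the "and might actually be considered more of just a mitigation." line leaves the typo "adressed" in the unchanged context line directly above it ("Issue adressed by disabling UDFs in firebird.conf"). Since this commit already touches that sentence, correct it to "addressed" here as well. The subject line mentions only the added bug reference (the new NOTE with the FirebirdSQL issue URL), so the wording change should either be mentioned in the commit message or split into its own commit.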