author Sylvain Beucler <beuc@beuc.net> 2021-11-18 17:05:19 +0100
committer Sylvain Beucler <beuc@beuc.net> 2021-11-18 17:05:19 +0100
commit 371ad5148ea53b07863b36b86fe6590bf0f00df5
tree 37889a4ed76aa7d4c7726f21da2b0970799e3516
parent 693eff8f24eef92bb6c85a9984e4a91a54b7ebf4
CVE-2017-11509/firebird3.0: add bug reference
-rw-r--r-- data/CVE/2017.list 3
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 7c552d95ec..6d2a72c19f 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -21223,10 +21223,11 @@ CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in F
[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
- firebird2.5 <removed>
NOTE: https://www.tenable.com/security/research/tra-2017-36
+ NOTE: https://github.com/FirebirdSQL/firebird/issues/5787
NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
NOTE: in "any current release".
NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
- NOTE: and might actually be considered more justof a mitigation.
+ NOTE: and might actually be considered more of just a mitigation.
NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
NOT-FOR-US: SecurityCenter
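Review bot: the unchanged NOTE line directly above the reworded one still reads "Issue adressed by disabling UDFs in firebird.conf"; since this change already touches the second half of that sentence ("justof" to "of just"), correct "adressed" to "addressed" in the same edit so the note is clean in one pass. The commit subject mentions only the added bug reference, so either mention the wording fix there or split it into its own commit, which keeps the history of this entry easier to search. The new upstream issue link sits well next to the Tenable advisory link; no change needed there.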
