Hi Guido, On Fri, Jul 21, 2017 at 10:02:37AM +0200, Guido Günther wrote: > Hi security team, > I looked at CVE-2017-1000031 yesterday. After failing to exploit it > via a SQL injection getting "validation errors". I then contacted the > maintainer Paul Gevers and he replied promptly that this looks like a > duplicate of CVE-2014-4002. Do you agree that this can be marked as > not affecting Wheezy (and therefore not Jessie since it has the same > source in this area)?
Not yet please, and in particular not not-affected but rahter should be REJECTED if this is the case. We contacted Paul, some days ago regarding this, and yes there is some indication that it might be a duplicate of CVE-2014-4002. Still to be finally checked. Regards, Salvatore
