CVE-2017-16896

Name: CVE-2017-16896
Description: A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 882543

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| tt-rss (PTS) | buster | 18.12+dfsg-1.1 | fixed |
| tt-rss (PTS) | bullseye | 21~git20210204.b4cbc79+dfsg-1 | fixed |
| tt-rss (PTS) | bookworm, sid, trixie | 21~git20210204.b4cbc79+dfsg-1.2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tt-rss | source | (unstable) | 17.4+git20180312+dfsg-1 | | | 882543 |

Notes

https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
