From 21087a44f078ecb1f4500165fae7012b7a2787da Mon Sep 17 00:00:00 2001
From: CVE Team <cve-request@mitre.org>
Date: Thu, 26 Sep 2019 17:01:00 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2017/17xxx/CVE-2017-17518.json |  2 +-
 2019/11xxx/CVE-2019-11396.json | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/2017/17xxx/CVE-2017-17518.json b/2017/17xxx/CVE-2017-17518.json
index 72f5bcb56a2..f2d9afd50ec 100644
--- a/2017/17xxx/CVE-2017-17518.json
+++ b/2017/17xxx/CVE-2017-17518.json
@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
+                "value": "** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because \u201cthe current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a \"BROWSER environment variable\". Instead, the \"browser\" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the \"options\" menu. The default is chosen in the ./configure script, which tests various programs, first tested is \"xdg-open\".\u201d"
             }
         ]
     },
diff --git a/2019/11xxx/CVE-2019-11396.json b/2019/11xxx/CVE-2019-11396.json
index 041cb4227ac..61e3a8bab1f 100644
--- a/2019/11xxx/CVE-2019-11396.json
+++ b/2019/11xxx/CVE-2019-11396.json
@@ -52,10 +52,20 @@
     },
     "references": {
         "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/153868/Avira-Free-Security-Suite-2019-Software-Updater-2.0.6.13175-Improper-Access-Control.html",
+                "url": "http://packetstormsecurity.com/files/153868/Avira-Free-Security-Suite-2019-Software-Updater-2.0.6.13175-Improper-Access-Control.html"
+            },
             {
                 "refsource": "FULLDISC",
                 "name": "20190802 Avira Free Security Suite 2019 - Exploiting Arbitrary File Writes for Local Elevation of Privilege",
                 "url": "https://seclists.org/fulldisclosure/2019/Aug/1"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://medium.com/sidechannel-br/vulnerabilidade-no-avira-security-suite-pode-levar-%C3%A0-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-71964236c077",
+                "url": "https://medium.com/sidechannel-br/vulnerabilidade-no-avira-security-suite-pode-levar-%C3%A0-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-71964236c077"
             }
         ]
     }