[Secure-testing-commits] r50740 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Apr 18 03:22:13 UTC 2017
Author: carnil
Date: 2017-04-18 03:22:13 +0000 (Tue, 18 Apr 2017)
New Revision: 50740
Modified:
data/CVE/list
Log:
Add CVE-2017-7892/capnproto
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-18 03:16:53 UTC (rev 50739)
+++ data/CVE/list 2017-04-18 03:22:13 UTC (rev 50740)
@@ -1,3 +1,8 @@
+CVE-2017-7892 [Bounds check elided by compiler optimization]
+ - capnproto <unfixed>
+ NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
+ NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
+ TODO: according to the advisory so far only Apple's compiler has been shown to apply the problematic optimization, so possibly "unimportant" for us, but fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
TODO: check
CVE-2017-7890
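Review bot: the TODO added under the capnproto entry leaves the triage open in two places: it only says the issue is possibly "unimportant", and the status line still reads <unfixed> while the same TODO states that upstream fixed it in 0.5.3.1. Suggest resolving it by checking whether the compilers used for the Debian builds apply the optimization the advisory describes. Then either mark the entry unimportant, or replace <unfixed> with the first Debian version that carries the upstream commit cited in the "Fixed by" NOTE. In either case, move the rationale (only Apple's compiler shown to be affected, per the advisory) from the TODO into a NOTE line so it survives once the TODO is cleared.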