[Secure-testing-commits] r51137 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Apr 28 06:34:33 UTC 2017
Author: carnil
Date: 2017-04-28 06:34:33 +0000 (Fri, 28 Apr 2017)
New Revision: 51137
Modified:
data/CVE/list
Log:
Update status for CVE-2017-7476
Note for reviewers, please double check this. gnulib is as well embedded
in coreutils, but the issue seem not present as well there. Double check
this please as well.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-28 06:34:23 UTC (rev 51136)
+++ data/CVE/list 2017-04-28 06:34:33 UTC (rev 51137)
@@ -2217,9 +2217,9 @@
NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
CVE-2017-7476 [Out-of-bounds write by setting a large TZ variable]
RESERVED
- - gnulib <unfixed>
+ - gnulib <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
- TODO: check, possibly not-affected, since issues introduced with 4bc76593 and 4e6e16b3f.
+ NOTE: Introduced with 4bc76593 and 4e6e16b3f.
CVE-2017-7475
RESERVED
CVE-2017-7474
More information about the Secure-testing-commits
mailing list