[Secure-testing-commits] r54176 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 1 11:42:06 UTC 2017
Author: carnil
Date: 2017-08-01 11:42:06 +0000 (Tue, 01 Aug 2017)
New Revision: 54176
Modified:
data/CVE/list
Log:
potrace issue unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-01 11:37:09 UTC (rev 54175)
+++ data/CVE/list 2017-08-01 11:42:06 UTC (rev 54176)
@@ -127,8 +127,9 @@
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
TODO: check
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
- - potrace <unfixed>
+ - potrace <unfixed> (unimportant)
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
+ NOTE: Crash only in CLI tool mkbitmap, negligible security impact
CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
- cacti <unfixed> (bug #870354)
[stretch] - cacti <not-affected> (Vulnerable code introduced later)
More information about the Secure-testing-commits
mailing list