[Secure-testing-commits] r54201 - data/CVE
Henri Salo
fgeek-guest at moszumanska.debian.org
Wed Aug 2 13:19:45 UTC 2017
Author: fgeek-guest
Date: 2017-08-02 13:19:45 +0000 (Wed, 02 Aug 2017)
New Revision: 54201
Modified:
data/CVE/list
Log:
CVE-2017-12067/potrace
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-02 12:31:57 UTC (rev 54200)
+++ data/CVE/list 2017-08-02 13:19:45 UTC (rev 54201)
@@ -284,6 +284,7 @@
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
- potrace <unfixed> (unimportant; bug #870356)
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
+ NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
NOTE: Crash only in CLI tool mkbitmap, negligible security impact
CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
- cacti <unfixed> (bug #870354)
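Review bot: the NOTE added to the CVE-2017-12067 entry links the upstream report but does not record its state, while the package line stays "- potrace <unfixed> (unimportant; bug #870356)". Once upstream responds, a follow-up NOTE giving the fix reference, or stating that upstream will not fix it, would let the entry be resolved without re-reading the tracker. The "Upstream bug report" label before the URL is useful; the preceding NOTE with the hackerlib-vul link is a bare URL, and a short label saying what that link is would keep the two references distinguishable.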