[Secure-testing-commits] r54377 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Aug 7 08:19:57 UTC 2017


Author: carnil
Date: 2017-08-07 08:19:54 +0000 (Mon, 07 Aug 2017)
New Revision: 54377

Modified:
   data/CVE/list
Log:
Mark CVE-2017-12588 as unimportant

The zmq3 input and output modules not enabled and build in Debian.

---{ input plugins }---
[...]
    imzmq3 input module enabled:              no
[...]
---{ output plugins }---
    omzmq3 module will be compiled:           no

and both not compiled.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-07 07:38:42 UTC (rev 54376)
+++ data/CVE/list	2017-08-07 08:19:54 UTC (rev 54377)
@@ -11,9 +11,10 @@
 CVE-2017-12589
 	RESERVED
 CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...)
-	- rsyslog 8.28.0-1
+	- rsyslog 8.28.0-1 (unimportant)
 	NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
 	NOTE: https://github.com/rsyslog/rsyslog/pull/1565
+	NOTE: The zmq3 input and output modules are not enabled and built in Debian
 CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/535




More information about the Secure-testing-commits mailing list