[Secure-testing-commits] r54804 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 17 07:11:53 UTC 2017
Author: carnil
Date: 2017-08-17 07:11:53 +0000 (Thu, 17 Aug 2017)
New Revision: 54804
Modified:
data/CVE/list
Log:
mark CVE-2017-12852/python-numpy as no-dsa
Version for stretch has been verified to be affected, not clear though
for jessie if the issue is just covered, since gives a warning/error
about invalid slice. Maybe the bug has actually be introduced later and
<not-affected> would be correct. Decided to hide the issue from
security-team perspective as <no-dsa> and if turns out to be introduced
later we can fix the entry for jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-17 06:48:06 UTC (rev 54803)
+++ data/CVE/list 2017-08-17 07:11:53 UTC (rev 54804)
@@ -618,6 +618,8 @@
NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is missing ...)
- python-numpy <unfixed>
+ [stretch] - python-numpy <no-dsa> (Minor issue)
+ [jessie] - python-numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
CVE-2017-12851 (An authenticated standard user could reset the password of the admin ...)
- kanboard <itp> (bug #790814)
More information about the Secure-testing-commits
mailing list