[Secure-testing-commits] r54888 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Aug 19 13:50:32 UTC 2017
Author: carnil
Date: 2017-08-19 13:50:32 +0000 (Sat, 19 Aug 2017)
New Revision: 54888
Modified:
data/CVE/list
Log:
Add note for CVE-2017-7376
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-19 13:34:02 UTC (rev 54887)
+++ data/CVE/list 2017-08-19 13:50:32 UTC (rev 54888)
@@ -16319,7 +16319,10 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
- NOTE: Fix upstream not yet complete as per 2017-06-17
+ NOTE: The upstream patch has the slight consequence that some port values end up
+ NOTE: negative when cast to a 32-bit int. A negative port though in the URL would
+ NOTE: make the URL invalid. It is discussed if instead it would be best to prevent
+ NOTE: the port from ever being negative. Upstream decided to leave the above patch.
CVE-2017-7375 [Missing validation for external entities in xmlParsePEReference]
RESERVED
{DLA-1008-1}
More information about the Secure-testing-commits
mailing list