[Secure-testing-commits] r55019 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Aug 24 08:06:21 UTC 2017


Author: carnil
Date: 2017-08-24 08:06:21 +0000 (Thu, 24 Aug 2017)
New Revision: 55019

Modified:
   data/CVE/list
Log:
Update information for CVE-2017-12858/libzip

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-24 07:13:14 UTC (rev 55018)
+++ data/CVE/list	2017-08-24 08:06:21 UTC (rev 55019)
@@ -2220,8 +2220,9 @@
 CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...)
 	NOT-FOR-US: NetApp
 CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...)
-	- libzip <unfixed>
-	NOTE: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
+	- libzip <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
+	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
 CVE-2017-12857
 	RESERVED
 CVE-2017-12856




More information about the Secure-testing-commits mailing list