[Secure-testing-commits] r55137 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Aug 28 04:35:00 UTC 2017
Author: carnil
Date: 2017-08-28 04:35:00 +0000 (Mon, 28 Aug 2017)
New Revision: 55137
Modified:
data/CVE/list
Log:
Add CVE-2017-12595/qpdf
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-28 04:29:43 UTC (rev 55136)
+++ data/CVE/list 2017-08-28 04:35:00 UTC (rev 55137)
@@ -3071,7 +3071,9 @@
- openexr <unfixed>
NOTE: https://github.com/openexr/openexr/issues/238
CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and ...)
- TODO: check
+ - qpdf <unfixed>
+ NOTE: https://github.com/qpdf/qpdf/issues/146
+ NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b
CVE-2017-12594
RESERVED
CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. ...)
More information about the Secure-testing-commits
mailing list