[Secure-testing-commits] r58338 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 7 19:29:48 UTC 2017
Author: carnil
Date: 2017-12-07 19:29:48 +0000 (Thu, 07 Dec 2017)
New Revision: 58338
Modified:
data/CVE/list
Log:
Hint to the fix for CVE-2017-16926
The commit changes ohcount to use libmagic instead of spawning a process
to run file and allowing the injection.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-07 19:15:38 UTC (rev 58337)
+++ data/CVE/list 2017-12-07 19:29:48 UTC (rev 58338)
@@ -3643,6 +3643,7 @@
- ohcount <unfixed> (bug #882372)
[stretch] - ohcount <no-dsa> (Minor issue)
[jessie] - ohcount <no-dsa> (Minor issue)
+ NOTE: https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac (v3.1.0)
CVE-2017-16925
RESERVED
CVE-2017-16924
More information about the Secure-testing-commits
mailing list