[Secure-testing-commits] r58535 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 13 21:15:58 UTC 2017
Author: carnil
Date: 2017-12-13 21:15:58 +0000 (Wed, 13 Dec 2017)
New Revision: 58535
Modified:
data/CVE/list
Log:
Add CVE-2017-17522/python
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-13 21:10:13 UTC (rev 58534)
+++ data/CVE/list 2017-12-13 21:15:58 UTC (rev 58535)
@@ -344,8 +344,18 @@
[jessie] - lilypond <no-dsa> (Minor issue)
[wheezy] - lilypond <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
-CVE-2017-17522
+CVE-2017-17522 [argument injection]
RESERVED
+ - jython <unfixed>
+ - python2.6 <removed>
+ - python2.7 <unfixed>
+ - python3.2 <removed>
+ - python3.4 <removed>
+ - python3.5 <unfixed>
+ - python3.6 <unfixed>
+ - python3.7 <unfixed>
+ NOTE: Lib/webbrowser.py does not validate strings before launching the program
+ NOTE: specified by the BROWSER environment variable.
CVE-2017-17521 [argument injection]
RESERVED
- fontforge <unfixed>
More information about the Secure-testing-commits
mailing list