[Secure-testing-commits] r58600 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 15 09:28:01 UTC 2017
Author: carnil
Date: 2017-12-15 09:28:01 +0000 (Fri, 15 Dec 2017)
New Revision: 58600
Modified:
data/CVE/list
Log:
Sync CVE-2017-16355 entry until status clarified with MITRE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-15 09:17:13 UTC (rev 58599)
+++ data/CVE/list 2017-12-15 09:28:01 UTC (rev 58600)
@@ -8488,8 +8488,12 @@
CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...)
- passenger <unfixed>
- ruby-passenger <removed>
+ [jessie] - ruby-passenger <no-dsa> (Minor issue)
+ [wheezy] - ruby-passenger <not-affected> (Vulnerable code introduced later)
NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
+ NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
+ NOTE: get the status information.
TODO: check, possibly a duplicate of CVE-2017-1000384, clarification with MITRE pending
CVE-2017-16354
RESERVED
More information about the Secure-testing-commits
mailing list