[Secure-testing-commits] r58610 - in data: . CVE

Ola Lundqvist opal at moszumanska.debian.org
Fri Dec 15 20:59:09 UTC 2017


Author: opal
Date: 2017-12-15 20:59:09 +0000 (Fri, 15 Dec 2017)
New Revision: 58610

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage result.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-15 19:29:33 UTC (rev 58609)
+++ data/CVE/list	2017-12-15 20:59:09 UTC (rev 58610)
@@ -2457,7 +2457,9 @@
 	NOTE: specified by the BROWSER environment variable.
 CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings before ...)
 	- fontforge <unfixed>
+	[wheezy] - fontforge <no-dsa> (Minor issue)
 	NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
+	NOTE: Classified as minor in wheezy as all calls to this function is with input data that the user do not have control of. The user has control over the browser variable that but that should not be considered as a problem.
 CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate ...)
 	- tin <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
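Review bot: The NOTE added under CVE-2017-17521 carries the whole justification for the wheezy <no-dsa> tag, but it is hard to parse ("all calls to this function is", "the user do not", "the browser variable that but that") and it never names the function or says which callers were checked. Please reword it, for example "Minor in wheezy: all callers pass strings the user does not control; only the browser variable is user-controlled, which is not considered a problem", and name the function at the linked uiutil.c#L285. If "browser variable" means the BROWSER environment variable mentioned in the entry above, spell it out the same way so the reasoning can be checked against the source.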

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-12-15 19:29:33 UTC (rev 58609)
+++ data/dla-needed.txt	2017-12-15 20:59:09 UTC (rev 58610)
@@ -10,6 +10,8 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+abiword
+--
 asterisk
 --
 ca-certificates
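Review bot: The new abiword entry in data/dla-needed.txt has no accompanying note or CVE reference, and the log message "Triage result." does not say which issue put it on the list; the data/CVE/list change in this same commit only concerns fontforge. A short note under the entry, or a mention of the triggering CVE in the log, would let whoever claims the package see what needs fixing without re-running the triage.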



