[Secure-testing-commits] r58618 - data/CVE
Ola Lundqvist
opal at moszumanska.debian.org
Fri Dec 15 22:45:25 UTC 2017
Author: opal
Date: 2017-12-15 22:45:25 +0000 (Fri, 15 Dec 2017)
New Revision: 58618
Modified:
data/CVE/list
Log:
Triage result.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-15 22:37:16 UTC (rev 58617)
+++ data/CVE/list 2017-12-15 22:45:25 UTC (rev 58618)
@@ -4813,7 +4813,9 @@
NOTE: Classified as minor in wheezy as even though the function itself do not validate the url, the function that call do actually terminate on whitespace so the package is in practice not vulnerable.
CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...)
- mensis <removed>
+ [wheezy] - mensis <no-dsa> (Minor issue)
NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
+ NOTE: The version in wheezy has a vulnerable help function. But the help function is only called with data that an attacker can not alter. In practice it is not possible to exploit the vulnerability.
CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...)
- tkabber <unfixed>
NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
More information about the Secure-testing-commits
mailing list