[Secure-testing-commits] r58627 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 17 08:12:10 UTC 2017
Author: carnil
Date: 2017-12-17 08:12:10 +0000 (Sun, 17 Dec 2017)
New Revision: 58627
Modified:
data/CVE/list
Log:
Mark fontforge issue as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-16 23:49:40 UTC (rev 58626)
+++ data/CVE/list 2017-12-17 08:12:10 UTC (rev 58627)
@@ -4898,10 +4898,8 @@
NOTE: Lib/webbrowser.py does not validate strings before launching the program
NOTE: specified by the BROWSER environment variable.
CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings before ...)
- - fontforge <unfixed>
- [wheezy] - fontforge <no-dsa> (Minor issue)
+ - fontforge <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
- NOTE: Classified as minor in wheezy as all calls to this function is with input data that the user do not have control of. The user has control over the browser variable that but that should not be considered as a problem.
CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate ...)
- tin <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
More information about the Secure-testing-commits
mailing list