[Secure-testing-commits] r58627 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Dec 17 08:12:10 UTC 2017


Author: carnil
Date: 2017-12-17 08:12:10 +0000 (Sun, 17 Dec 2017)
New Revision: 58627

Modified:
   data/CVE/list
Log:
Mark fontforge issue as unimportant

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-16 23:49:40 UTC (rev 58626)
+++ data/CVE/list	2017-12-17 08:12:10 UTC (rev 58627)
@@ -4898,10 +4898,8 @@
 	NOTE: Lib/webbrowser.py does not validate strings before launching the program
 	NOTE: specified by the BROWSER environment variable.
 CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings before ...)
-	- fontforge <unfixed>
-	[wheezy] - fontforge <no-dsa> (Minor issue)
+	- fontforge <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
-	NOTE: Classified as minor in wheezy as all calls to this function is with input data that the user do not have control of. The user has control over the browser variable that but that should not be considered as a problem.
 CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate ...)
 	- tin <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120




More information about the Secure-testing-commits mailing list