[Secure-testing-commits] r58629 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 17 08:12:42 UTC 2017
Author: carnil
Date: 2017-12-17 08:12:42 +0000 (Sun, 17 Dec 2017)
New Revision: 58629
Modified:
data/CVE/list
Log:
Mark CVE-2017-17535 as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 08:12:30 UTC (rev 58628)
+++ data/CVE/list 2017-12-17 08:12:42 UTC (rev 58629)
@@ -4836,10 +4836,8 @@
CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...)
TODO: check
CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...)
- - gjots2 <unfixed>
- [wheezy] - gjots2 <no-dsa> (Minor issue)
+ - gjots2 <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
- NOTE: Classified as minor in wheezy as even though the function itself do not validate the url, the function that call do actually terminate on whitespace so the package is in practice not vulnerable.
CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...)
- mensis <removed>
[wheezy] - mensis <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list