[Secure-testing-commits] r58632 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 17 08:13:16 UTC 2017
Author: carnil
Date: 2017-12-17 08:13:16 +0000 (Sun, 17 Dec 2017)
New Revision: 58632
Modified:
data/CVE/list
Log:
Mark CVE-2017-17534 as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 08:13:04 UTC (rev 58631)
+++ data/CVE/list 2017-12-17 08:13:16 UTC (rev 58632)
@@ -4839,10 +4839,8 @@
- gjots2 <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...)
- - mensis <removed>
- [wheezy] - mensis <no-dsa> (Minor issue)
+ - mensis <removed> (unimportant)
NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
- NOTE: The version in wheezy has a vulnerable help function. But the help function is only called with data that an attacker can not alter. In practice it is not possible to exploit the vulnerability.
CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...)
- tkabber <unfixed>
NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
More information about the Secure-testing-commits
mailing list