[Secure-testing-commits] r58633 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Dec 17 08:13:27 UTC 2017


Author: carnil
Date: 2017-12-17 08:13:27 +0000 (Sun, 17 Dec 2017)
New Revision: 58633

Modified:
   data/CVE/list
Log:
Mark CVE-2017-17519 as uniportant

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-17 08:13:16 UTC (rev 58632)
+++ data/CVE/list	2017-12-17 08:13:27 UTC (rev 58633)
@@ -4904,10 +4904,8 @@
 	NOTE: into abosulte ones. If you use url_handler.pl from other applications be sure to
 	NOTE: at least shell escaped its input.
 CVE-2017-17519 (batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ...)
-	- ocaml-batteries <unfixed>
-	[wheezy] - ocaml-batteries <no-dsa> (Minor issue)
+	- ocaml-batteries <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/ocaml-batteries/2.6.0-1/src/batteriesConfig.mlp/?hl=23#L23
-	NOTE: The motivation for being minor in wheezt is that it is only for browsing help pages so the attack vector is limited.
 CVE-2017-17518 (swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not ...)
 	- whitedune <unfixed>
 	[wheezy] - whitedune <no-dsa> (Minor issue. Vulnerable code present but an attacker can not control the URL so it is impossible to trigger it)




More information about the Secure-testing-commits mailing list