[Secure-testing-commits] r58635 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 17 08:19:44 UTC 2017
Author: carnil
Date: 2017-12-17 08:19:44 +0000 (Sun, 17 Dec 2017)
New Revision: 58635
Modified:
data/CVE/list
Log:
CVE-2017-17522: sort entries by source package
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 08:16:50 UTC (rev 58634)
+++ data/CVE/list 2017-12-17 08:19:44 UTC (rev 58635)
@@ -4884,6 +4884,7 @@
NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
CVE-2017-17522 (Lib/webbrowser.py in Python through 3.6.3 does not validate strings ...)
- jython <unfixed>
+ [wheezy] - jython <not-affected> (Vulnerable code is not provided in the binary package)
- python2.6 <removed>
- python2.7 <unfixed>
- python3.2 <removed>
@@ -4891,7 +4892,6 @@
- python3.5 <unfixed>
- python3.6 <unfixed>
- python3.7 <unfixed>
- [wheezy] - jython <not-affected> (Vulnerable code is not provided in the binary package)
NOTE: Lib/webbrowser.py does not validate strings before launching the program
NOTE: specified by the BROWSER environment variable.
CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings before ...)
More information about the Secure-testing-commits
mailing list