[Secure-testing-commits] r58647 - data/CVE
Ola Lundqvist
opal at moszumanska.debian.org
Sun Dec 17 17:16:33 UTC 2017
Author: opal
Date: 2017-12-17 17:16:33 +0000 (Sun, 17 Dec 2017)
New Revision: 58647
Modified:
data/CVE/list
Log:
Triage result.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 15:04:51 UTC (rev 58646)
+++ data/CVE/list 2017-12-17 17:16:33 UTC (rev 58647)
@@ -4878,7 +4878,9 @@
NOTE: https://sources.debian.org/src/postbooks/4.7.0-3/guiclient/guiclient.cpp/?hl=1610#L1610
CVE-2017-17524 (library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings ...)
- swi-prolog <unfixed>
+ [wheezy] - swi-prolog <no-dsa> (Minor Issue)
NOTE: https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68
+ NOTE: In wheezy it is technically possible to trigger an argument injection vulnerability however it is quoted in an unusual way which makes it highly unlikely that it going to be.
CVE-2017-17523 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings ...)
- lilypond <unfixed> (bug #884136)
[jessie] - lilypond <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list