[Secure-testing-commits] r58657 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 17 19:51:11 UTC 2017
Author: carnil
Date: 2017-12-17 19:51:11 +0000 (Sun, 17 Dec 2017)
New Revision: 58657
Modified:
data/CVE/list
Log:
Mark CVE-2017-17513, negligible security impact
A user needs to open a scpecially crafted url via the problematik mtxrun
programms.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 19:43:30 UTC (rev 58656)
+++ data/CVE/list 2017-12-17 19:51:11 UTC (rev 58657)
@@ -4935,11 +4935,11 @@
- nip2 <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/nip2/8.4.0-1/src/boxes.c/?hl=727#L727
CVE-2017-17513 (TeX Live through 20170524 does not validate strings before launching ...)
- - texlive-base <unfixed>
+ - texlive-base <unfixed> (unimportant)
[wheezy] - texlive-base <not-affected> (Vulnerable code do not exist)
- - texlive-bin <unfixed>
+ - texlive-bin <unfixed> (unimportant)
[wheezy] - texlive-bin <not-affected> (Vulnerable code do not exist)
- - context <unfixed>
+ - context <unfixed> (unimportant)
[wheezy] - context <not-affected> (Vulnerable code do not exist)
NOTE: https://sources.debian.org/src/texlive-base/2017.20171128-1/texmf-dist/tex/luatex/lualibs/lualibs-os.lua/#L153
NOTE: https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004
More information about the Secure-testing-commits
mailing list