[Secure-testing-commits] r58661 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Dec 17 20:05:37 UTC 2017


Author: carnil
Date: 2017-12-17 20:05:35 +0000 (Sun, 17 Dec 2017)
New Revision: 58661

Modified:
   data/CVE/list
Log:
Mark CVE-2017-17517 as unimportant

Negligible security impact. Furthermore the Debian packaging fixes
DEFAULT_BROWSER_CMD to "sensible-browser '%s'".

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-17 20:00:05 UTC (rev 58660)
+++ data/CVE/list	2017-12-17 20:05:35 UTC (rev 58661)
@@ -4922,8 +4922,7 @@
 	[wheezy] - whitedune <no-dsa> (Minor issue. Vulnerable code present but an attacker can not control the URL so it is impossible to trigger it)
 	NOTE: https://sources.debian.org/src/whitedune/0.30.10-2.1/src/swt/motif/browser.c/?hl=159#L214
 CVE-2017-17517 (libsylph/utils.c in Sylpheed through 3.6 does not validate strings ...)
-	- sylpheed <unfixed>
-	[wheezy] - sylpheed <no-dsa> (Minor issue)
+	- sylpheed <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/sylpheed/3.5.1-1/libsylph/utils.c/?hl=4292#L4292
 CVE-2017-17516 (scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 ...)
 	- rtv <unfixed> (unimportant)




More information about the Secure-testing-commits mailing list