[Secure-testing-commits] r58689 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Tue Dec 19 11:43:36 UTC 2017


Author: hertzog
Date: 2017-12-19 11:43:36 +0000 (Tue, 19 Dec 2017)
New Revision: 58689

Modified:
   data/CVE/list
Log:
Mark CVE-2017-17534 as not-affected

There is no security issue here. I asked Mitre to reject the CVE.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-19 11:33:23 UTC (rev 58688)
+++ data/CVE/list	2017-12-19 11:43:36 UTC (rev 58689)
@@ -4947,8 +4947,10 @@
 	- mensis <removed> (unimportant)
 	NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
 CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...)
-	- tkabber <unfixed>
+	- tkabber <not-affected>
 	NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
+	NOTE: TCL's exec call does not involve the shell. It does its own argument parsing which safely forwards the content of any variable. No command injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
+	NOTE: I sent a rejection request to MITRE. -- Raphael Hertzog
 CVE-2017-17532 (examples/framework/news/news3.py in Kiwi 1.9.22 does not validate ...)
 	- kiwi <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/kiwi/1.9.22-4/examples/framework/news/news3.py/?hl=88#L88
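Review bot: The log message names CVE-2017-17534, but the only entry this hunk changes is CVE-2017-17533 (the tkabber line, switched from <unfixed> to <not-affected>). One of the two identifiers is wrong, so either correct the log message or apply the status change to the intended entry. The new NOTE lines also sit under CVE-2017-17533, so the rejection request they mention should be checked against the same identifier.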



