[Secure-testing-commits] r58705 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 19 21:17:03 UTC 2017
Author: carnil
Date: 2017-12-19 21:17:03 +0000 (Tue, 19 Dec 2017)
New Revision: 58705
Modified:
data/CVE/list
Log:
CVE-2017-17533 will not be fully REJECTED by MITRE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-19 21:10:14 UTC (rev 58704)
+++ data/CVE/list 2017-12-19 21:17:03 UTC (rev 58705)
@@ -4978,10 +4978,12 @@
- mensis <removed> (unimportant)
NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings ...)
- - tkabber <not-affected>
+ NOTE: Originally assigned for src:tkabber
NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
- NOTE: TCL's exec call does not involve the shell. It does its own argument parsing which safely forwards the content of any variable. No command injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
- NOTE: I sent a rejection request to MITRE. -- Raphael Hertzog
+ NOTE: TCL's exec call does not involve the shell. It does its own argument parsing
+ NOTE: which safely forwards the content of any variable. No command injection is
+ NOTE: thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
+ NOTE: MITRE only considers this as DISPUTED rather than fully REJECT The CVE.
CVE-2017-17532 (examples/framework/news/news3.py in Kiwi 1.9.22 does not validate ...)
- kiwi <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/kiwi/1.9.22-4/examples/framework/news/news3.py/?hl=88#L88
More information about the Secure-testing-commits
mailing list