[Secure-testing-commits] r58794 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 21 12:53:21 UTC 2017
Author: carnil
Date: 2017-12-21 12:53:21 +0000 (Thu, 21 Dec 2017)
New Revision: 58794
Modified:
data/CVE/list
Log:
Update information on CVE-2017-17529
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 12:52:08 UTC (rev 58793)
+++ data/CVE/list 2017-12-21 12:53:21 UTC (rev 58794)
@@ -5262,7 +5262,11 @@
NOTE: https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83
CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...)
- abiword <unfixed>
+ [stretch] - abiword <no-dsa> (Minor issue)
+ [jessie] - abiword <no-dsa> (Minor issue)
NOTE: https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717
+ NOTE: Issue can be mitigated by compiling abiword in future with --with-gnomevfs so that
+ NOTE: abiword does not use the problematic fallback_open_uri.
CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not ...)
- scummvm <unfixed> (unimportant)
[wheezy] - scummvm <not-affected> (Vulnerable code not there)
More information about the Secure-testing-commits
mailing list