[Secure-testing-commits] r58794 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 21 12:53:21 UTC 2017


Author: carnil
Date: 2017-12-21 12:53:21 +0000 (Thu, 21 Dec 2017)
New Revision: 58794

Modified:
   data/CVE/list
Log:
Update information on CVE-2017-17529

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-21 12:52:08 UTC (rev 58793)
+++ data/CVE/list	2017-12-21 12:53:21 UTC (rev 58794)
@@ -5262,7 +5262,11 @@
 	NOTE: https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83
 CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...)
 	- abiword <unfixed>
+	[stretch] - abiword <no-dsa> (Minor issue)
+	[jessie] - abiword <no-dsa> (Minor issue)
 	NOTE: https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717
+	NOTE: Issue can be mitigated by compiling abiword in future with --with-gnomevfs so that
+	NOTE: abiword does not use the problematic fallback_open_uri.
 CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not ...)
 	- scummvm <unfixed> (unimportant)
 	[wheezy] - scummvm <not-affected> (Vulnerable code not there)




More information about the Secure-testing-commits mailing list