[Secure-testing-commits] r58928 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Dec 26 10:01:07 UTC 2017


Author: carnil
Date: 2017-12-26 10:01:07 +0000 (Tue, 26 Dec 2017)
New Revision: 58928

Modified:
   data/CVE/list
Log:
Update information for CVE-2017-17536/phabricator

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-26 09:10:19 UTC (rev 58927)
+++ data/CVE/list	2017-12-26 10:01:07 UTC (rev 58928)
@@ -5526,7 +5526,11 @@
 CVE-2018-1341
 	RESERVED
 CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...)
-	- phabricator <unfixed>
+	- phabricator <unfixed> (unimportant)
+	NOTE: Fixed by: https://github.com/phacility/phabricator/commit/a7921a4448093d00defa8bd18f35b8c8f8bf3314
+	NOTE: Starting with 0~git20160726-3 the Phabricator package is not built
+	NOTE: The issue is unfixed in the source up to 0~git20170812-1
+	NOTE: Fixed in 0~git20171202-1 (not yet accepted from NEW)
 CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...)
 	- gjots2 <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188




More information about the Secure-testing-commits mailing list