[Secure-testing-commits] r58938 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 26 13:26:09 UTC 2017
Author: carnil
Date: 2017-12-26 13:26:09 +0000 (Tue, 26 Dec 2017)
New Revision: 58938
Modified:
data/CVE/list
Log:
Mark CVE-2017-1000382 as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-26 13:19:59 UTC (rev 58937)
+++ data/CVE/list 2017-12-26 13:26:09 UTC (rev 58938)
@@ -11941,11 +11941,12 @@
NOTE: file when creating a backup file. That's hardly incorrect behaviour
NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...)
- - vim <unfixed>
- [stretch] - vim <no-dsa> (Minor issue)
- [jessie] - vim <no-dsa> (Minor issue)
- [wheezy] - vim <no-dsa> (Minor issue)
+ - vim <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
+ NOTE: Cf. http://www.openwall.com/lists/oss-security/2017/11/01/4
+ NOTE: vim creates the .swp file according to the permissions of the file being
+ NOTE: edited, admitely ignoring the umask, so in the reporters case the .swp
+ NOTE: file is readable by others. But that seem to be the intended behaviour.
CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...)
- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
[stretch] - libcatalyst-plugin-static-simple-perl <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list