[Secure-testing-commits] r58983 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 28 08:52:27 UTC 2017


Author: carnil
Date: 2017-12-28 08:52:27 +0000 (Thu, 28 Dec 2017)
New Revision: 58983

Modified:
   data/CVE/list
Log:
Add TODO for CVE-2017-7559

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-28 08:40:54 UTC (rev 58982)
+++ data/CVE/list	2017-12-28 08:52:27 UTC (rev 58983)
@@ -38233,6 +38233,7 @@
 	- undertow <undetermined>
 	NOTE: For an incomplete fix of CVE-2017-2666
 	NOTE: Invalid characters were still allowed in the query string and path parameters.
+	TODO: check, asked for clarification to Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
 CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
 	RESERVED
 	- linux 4.12.13-1




More information about the Secure-testing-commits mailing list