[Secure-testing-commits] r53459 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 13 20:23:58 UTC 2017
Author: carnil
Date: 2017-07-13 20:23:58 +0000 (Thu, 13 Jul 2017)
New Revision: 53459
Modified:
data/CVE/list
Log:
Add CVE-2017-11164/pcre3
Mark it as pcre3 specific, without touching pcre2. Most likely to be
marked unimportant, as upstream does not consider such class of issues
as vulnerabilities with infinite recursion possibility when parsing
crafted regular expressions.
Please double-check.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-13 20:20:36 UTC (rev 53458)
+++ data/CVE/list 2017-07-13 20:23:58 UTC (rev 53459)
@@ -130,7 +130,9 @@
CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: dataTaker
CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in ...)
- TODO: check
+ - pcre3 <unfixed>
+ NOTE: http://openwall.com/lists/oss-security/2017/07/11/3
+ TODO: check, most likely to be marked unimportant, as per referenced thread
CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
- cacti 1.1.12+ds1-1 (bug #868080)
[stretch] - cacti <not-affected> (Vulnerable code introduced later)
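Review bot: the new "- pcre3 <unfixed>" entry under CVE-2017-11164 records nothing about pcre2, although the log message says the issue was deliberately marked pcre3 specific "without touching pcre2". A short NOTE line stating that pcre2 was left out on purpose, and whether it was actually checked, would keep the next person triaging this CVE from repeating that work. The added TODO also leaves the severity open: once the assessment from the referenced oss-security thread is confirmed, the entry should become "- pcre3 <unfixed> (unimportant)" and the TODO line should be dropped, so the tracker does not keep reporting pcre3 as carrying an open, unclassified issue.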