[Secure-testing-commits] r53584 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jul 17 19:34:19 UTC 2017
Author: carnil
Date: 2017-07-17 19:34:19 +0000 (Mon, 17 Jul 2017)
New Revision: 53584
Modified:
data/CVE/list
Log:
Add CVE-2017-10978
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-17 19:33:06 UTC (rev 53583)
+++ data/CVE/list 2017-07-17 19:34:19 UTC (rev 53584)
@@ -1207,8 +1207,12 @@
NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
NOTE: This is not fully technically correct, the issue affects only the 2.x
NOTE: series but not 3.x.
-CVE-2017-10978
+CVE-2017-10978 [Read / write overflow in make_secret()]
RESERVED
+ - freeradius <unfixed>
+ NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
+ NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
+ NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/fc8662d7e827f630d515eaa0bddfa94754c8047f
CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
- systemd <unfixed> (unimportant)
[jessie] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
More information about the Secure-testing-commits
mailing list