[Secure-testing-commits] r52337 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jun 5 18:19:51 UTC 2017
Author: carnil
Date: 2017-06-05 18:19:51 +0000 (Mon, 05 Jun 2017)
New Revision: 52337
Modified:
data/CVE/list
Log:
Revert one change for CVE-2017-8359 but add NOTE/TODO to clarify
Note for reviewers: I might be wrong but the commit
6544a2d5d9ecdb64214da1d228886a7d15bbf5c7 is not applied to the grpc in
Debian. Is there any other reason the issue should be fixed in the
1.2.5-1+nmu0 version?
If so please correct and remove the TODO item again.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-05 18:16:12 UTC (rev 52336)
+++ data/CVE/list 2017-06-05 18:19:51 UTC (rev 52337)
@@ -3025,8 +3025,10 @@
CVE-2017-8360 (Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ...)
NOT-FOR-US: Conexant Systems mictray64 task
CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused by a ...)
- - grpc 1.2.5-1+nmu0
+ - grpc <unfixed>
NOTE: https://github.com/grpc/grpc/pull/10353
+ NOTE: Fixed by: https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7
+ TODO: double check again, does not seem to be applied up to 1.2.5-1+nmu0
CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused by a ...)
- libreoffice <not-affected> (Vulnerable code introduced on 2017-03-15; never in released version)
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c
More information about the Secure-testing-commits
mailing list