[Secure-testing-commits] r52624 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jun 16 19:04:52 UTC 2017
Author: carnil
Date: 2017-06-16 19:04:52 +0000 (Fri, 16 Jun 2017)
New Revision: 52624
Modified:
data/CVE/list
Log:
Update information for CVE-2017-9670/gnuplot
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-16 18:53:42 UTC (rev 52623)
+++ data/CVE/list 2017-06-16 19:04:52 UTC (rev 52624)
@@ -116,10 +116,14 @@
CVE-2017-9671
RESERVED
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
- - gnuplot <undetermined>
+ - gnuplot <unfixed>
+ [jessie] - gnuplot <not-affected> (Vulnerable code introduced later)
+ [wheezy] - gnuplot <not-affected> (Vulnerable code introduced later)
NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
- NOTE: Patch: https://sourceforge.net/p/gnuplot/bugs/_discuss/thread/44ec637c/af0f/attachment/uninitialized_variables_%28Bug1933%29.patch
+ NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1044638#c5
+ NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
+ NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
CVE-2017-9669
RESERVED
CVE-2017-9668
More information about the Secure-testing-commits
mailing list