[Secure-testing-commits] r52636 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 17 06:33:30 UTC 2017
Author: carnil
Date: 2017-06-17 06:33:30 +0000 (Sat, 17 Jun 2017)
New Revision: 52636
Modified:
data/CVE/list
Log:
Add CVE-2017-7375
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-17 06:33:18 UTC (rev 52635)
+++ data/CVE/list 2017-06-17 06:33:30 UTC (rev 52636)
@@ -6787,8 +6787,12 @@
NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
NOTE: Fix upstream not yet complete as per 2017-06-17
-CVE-2017-7375
+CVE-2017-7375 [Missing validation for external entities in xmlParsePEReference]
RESERVED
+ - libxml2 <unfixed>
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
+ NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
+ NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
- linux 4.9.25-1
[jessie] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
More information about the Secure-testing-commits
mailing list