[Secure-testing-commits] r52636 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jun 17 06:33:30 UTC 2017


Author: carnil
Date: 2017-06-17 06:33:30 +0000 (Sat, 17 Jun 2017)
New Revision: 52636

Modified:
   data/CVE/list
Log:
Add CVE-2017-7375

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-17 06:33:18 UTC (rev 52635)
+++ data/CVE/list	2017-06-17 06:33:30 UTC (rev 52636)
@@ -6787,8 +6787,12 @@
 	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
 	NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
 	NOTE: Fix upstream not yet complete as per 2017-06-17
-CVE-2017-7375
+CVE-2017-7375 [Missing validation for external entities in xmlParsePEReference]
 	RESERVED
+	- libxml2 <unfixed>
+	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
+	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
+	NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
 CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
 	- linux 4.9.25-1
 	[jessie] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)




More information about the Secure-testing-commits mailing list