[Secure-testing-commits] r51362 - data/CVE
Emilio Pozuelo Monfort
pochu at moszumanska.debian.org
Sat May 6 10:03:38 UTC 2017
Author: pochu
Date: 2017-05-06 10:03:38 +0000 (Sat, 06 May 2017)
New Revision: 51362
Modified:
data/CVE/list
Log:
CVE-2017-8288/gnome-shell: mark as no-dsa
This bug is hard to trigger, and it can only be exploited with
physical access and if the user has an extension that somehow
allows to execute arbitrary commands (e.g. some sort of launcher).
For jessie I discussed this with Salvatore.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-06 09:53:55 UTC (rev 51361)
+++ data/CVE/list 2017-05-06 10:03:38 UTC (rev 51362)
@@ -1193,6 +1193,8 @@
NOT-FOR-US: RIOS OS
CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to ...)
- gnome-shell 3.22.3-3
+ [jessie] - gnome-shell <no-dsa> (Minor issue)
+ [wheezy] - gnome-shell <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781728
NOTE: https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1
CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer ...)
More information about the Secure-testing-commits
mailing list