[Secure-testing-commits] r57319 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sat Nov 4 20:25:11 UTC 2017
Author: apo
Date: 2017-11-04 20:25:10 +0000 (Sat, 04 Nov 2017)
New Revision: 57319
Modified:
data/CVE/list
Log:
CVE-2017-14604,nautilus: no-dsa for Wheezy
According to the discussion in Debian's bug report this issue is mitigated in
Wheezy's version of Nautilus and users are explicitly asked if they want to launch
the file.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-04 19:17:14 UTC (rev 57318)
+++ data/CVE/list 2017-11-04 20:25:10 UTC (rev 57319)
@@ -5319,6 +5319,7 @@
{DSA-3994-1}
- nautilus 3.25.90-1 (bug #860268)
[jessie] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
+ [wheezy] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
NOTE: https://github.com/freedomofpress/securedrop/issues/2238
More information about the Secure-testing-commits
mailing list