[Secure-testing-commits] r57471 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Nov 8 21:40:27 UTC 2017


Author: jmm
Date: 2017-11-08 21:40:26 +0000 (Wed, 08 Nov 2017)
New Revision: 57471

Modified:
   data/CVE/list
Log:
emacs CVE ID is nonsense


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-08 21:40:04 UTC (rev 57470)
+++ data/CVE/list	2017-11-08 21:40:26 UTC (rev 57471)
@@ -998,14 +998,8 @@
 CVE-2017-16242
 	RESERVED
 CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...)
-	- emacs25 <unfixed>
-	[stretch] - emacs25 <no-dsa> (Minor issue)
-	- emacs24 <removed>
-	[stretch] - emacs24 <no-dsa> (Minor issue)
-	[jessie] - emacs24 <no-dsa> (Minor issue)
-	- emacs23 <removed>
-	[wheezy] - emacs23 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
+	NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original
+	NOTE: file when creating a backup file. That's hardly incorrect behaviour
 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...)
 	- vim <unfixed>
 	[stretch] - vim <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list