[Secure-testing-commits] r57744 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Nov 17 19:45:47 UTC 2017
Author: carnil
Date: 2017-11-17 19:45:46 +0000 (Fri, 17 Nov 2017)
New Revision: 57744
Modified:
data/CVE/list
Log:
Update information for CVE-2017-1000158/python2.7
Add python2.6 which has the same code.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-17 19:30:28 UTC (rev 57743)
+++ data/CVE/list 2017-11-17 19:45:46 UTC (rev 57744)
@@ -112,9 +112,11 @@
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
- - python2.7 <unfixed>
- TODO: check other versions
+ - python2.7 2.7.13-4
+ - python2.6 <removed>
NOTE: https://bugs.python.org/issue30657
+ NOTE: https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
+ NOTE: The 2.7.13-4 upload included the commit in debian/patches/git-updates.diff
CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog ...)
- serendipity <removed>
CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...)
More information about the Secure-testing-commits
mailing list