[Secure-testing-commits] r57835 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 19 19:24:14 UTC 2017
Author: carnil
Date: 2017-11-19 19:24:14 +0000 (Sun, 19 Nov 2017)
New Revision: 57835
Modified:
data/CVE/list
Log:
Mark CVE-2017-15994 as not-affected
As argued in previous commit message follow Thorsten Alteholz analysis.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-19 19:22:54 UTC (rev 57834)
+++ data/CVE/list 2017-11-19 19:24:14 UTC (rev 57835)
@@ -2872,11 +2872,7 @@
CVE-2014-10064
RESERVED
CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs ...)
- - rsync <unfixed>
- [buster] - rsync <not-affected> (vulnerable code only in development version, but not released)
- [stretch] - rsync <not-affected> (vulnerable code only in development version, but not released)
- [jessie] - rsync <not-affected> (vulnerable code only in development version, but not released)
- [wheezy] - rsync <not-affected> (vulnerable code only in development version, but not released)
+ - rsync <not-affected> (Problematic code to allow checksum choice only introduced after 3.1.2 release)
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
More information about the Secure-testing-commits
mailing list