[Secure-testing-commits] r57855 - data/CVE

Paul Wise pabs at moszumanska.debian.org
Mon Nov 20 15:56:49 UTC 2017


Author: pabs
Date: 2017-11-20 15:56:49 +0000 (Mon, 20 Nov 2017)
New Revision: 57855

Modified:
   data/CVE/list
Log:
busybox: autocompletion escape sequence vulnerability

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-20 15:54:54 UTC (rev 57854)
+++ data/CVE/list	2017-11-20 15:56:49 UTC (rev 57855)
@@ -1244,8 +1244,11 @@
 	NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
 	NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
 	NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
-CVE-2017-16544
+CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion]
 	RESERVED
+	- busybox <unfixed>
+	NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
+	NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
 CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...)
 	NOT-FOR-US: Zoho
 CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows Post-authentication ...)




More information about the Secure-testing-commits mailing list