[Secure-testing-commits] r57917 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Nov 22 05:30:27 UTC 2017
Author: carnil
Date: 2017-11-22 05:30:27 +0000 (Wed, 22 Nov 2017)
New Revision: 57917
Modified:
data/CVE/list
Log:
Update on CVE-2017-1000384
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-22 05:15:20 UTC (rev 57916)
+++ data/CVE/list 2017-11-22 05:30:27 UTC (rev 57917)
@@ -2068,10 +2068,14 @@
CVE-2017-16242
RESERVED
CVE-2017-1000384 [Arbitrary file read]
- - passenger <undetermined>
- - ruby-passenger <undetermined>
+ - passenger <unfixed>
+ - ruby-passenger <removed>
+ [jessie] - ruby-passenger <no-dsa> (Minor issue)
NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
- TODO: check
+ NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
+ NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
+ NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
+ NOTE: get the status information.
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...)
NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original
NOTE: file when creating a backup file. That's hardly incorrect behaviour
More information about the Secure-testing-commits
mailing list