[Secure-testing-commits] r57919 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Nov 22 06:02:59 UTC 2017
Author: carnil
Date: 2017-11-22 06:02:58 +0000 (Wed, 22 Nov 2017)
New Revision: 57919
Modified:
data/CVE/list
Log:
Add todo for CVE-2017-1000384 until further checked/triaged
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-22 05:43:51 UTC (rev 57918)
+++ data/CVE/list 2017-11-22 06:02:58 UTC (rev 57919)
@@ -2076,6 +2076,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
NOTE: get the status information.
+ TODO: check if as well no-dsa for stretch, there are certain condition which need to be satisfied to be exploitable
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...)
NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original
NOTE: file when creating a backup file. That's hardly incorrect behaviour
More information about the Secure-testing-commits
mailing list