[Secure-testing-commits] r56392 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Oct 4 06:15:12 UTC 2017
Author: carnil
Date: 2017-10-04 06:15:12 +0000 (Wed, 04 Oct 2017)
New Revision: 56392
Modified:
data/CVE/list
Log:
Add new curl issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-04 04:20:16 UTC (rev 56391)
+++ data/CVE/list 2017-10-04 06:15:12 UTC (rev 56392)
@@ -2332,6 +2332,11 @@
NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
NOTE: https://github.com/uclouvain/openjpeg/issues/982
+CVE-2017-1000254 [FTP PWD response parser out of bounds read]
+ - curl <unfixed>
+ NOTE: https://curl.haxx.se/docs/adv_20171004.html
+ NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
+ NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
CVE-2017-1000253 [PIE/stack corruption]
- linux 4.0.2-1
[jessie] - linux 3.16.7-ckt11-1
More information about the Secure-testing-commits
mailing list