[Secure-testing-commits] r56540 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Oct 9 15:33:43 UTC 2017


Author: carnil
Date: 2017-10-09 15:33:43 +0000 (Mon, 09 Oct 2017)
New Revision: 56540

Modified:
   data/CVE/list
Log:
Mark redis issue as unimportant, no real security impact under normal/sane configurations of redis

An administrator would have needed to change default settings, such that
the file is used from an unprotected location.

Thus moving state from no-dsa to unimportant, no security impact in
practice at all.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-09 15:25:01 UTC (rev 56539)
+++ data/CVE/list	2017-10-09 15:33:43 UTC (rev 56540)
@@ -285,9 +285,9 @@
 CVE-2017-15048
 	RESERVED
 CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
-	- redis <unfixed> (bug #878076)
-	[stretch] - redis <no-dsa> (Minor issue)
+	- redis <unfixed> (bug #878076; unimportant)
 	[jessie] - redis <not-affected> (Vulnerable code introduced later)
+	[wheezy] - redis <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/antirez/redis/issues/4278
 	NOTE: Pull request: https://github.com/antirez/redis/pull/4365
 CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples ...)
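Review bot: the reason for the unimportant tag on the `- redis <unfixed> (bug #878076; unimportant)` line is recorded only in the commit log, not in the entry itself. A NOTE line next to the two existing NOTE lines, saying that an administrator would have had to change default settings so that the file is used from an unprotected location, would keep the rationale with the CVE-2017-15047 entry. The added `[wheezy] - redis <not-affected>` line is also not mentioned in the log message; a short mention there would make the change easier to follow.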



