[Secure-testing-commits] r56797 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Oct 18 05:36:03 UTC 2017
Author: carnil
Date: 2017-10-18 05:36:03 +0000 (Wed, 18 Oct 2017)
New Revision: 56797
Modified:
data/CVE/list
Log:
Mark CVE-2017-14604 as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-18 05:32:30 UTC (rev 56796)
+++ data/CVE/list 2017-10-18 05:36:03 UTC (rev 56797)
@@ -2513,6 +2513,7 @@
CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by ...)
{DSA-3994-1}
- nautilus 3.25.90-1 (bug #860268)
+ [jessie] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
NOTE: https://github.com/freedomofpress/securedrop/issues/2238
More information about the Secure-testing-commits
mailing list