[Secure-testing-commits] r56971 - data/CVE
László Böszörményi
gcs at moszumanska.debian.org
Wed Oct 25 21:42:44 UTC 2017
Author: gcs
Date: 2017-10-25 21:42:44 +0000 (Wed, 25 Oct 2017)
New Revision: 56971
Modified:
data/CVE/list
Log:
Add CVE-2017-1000254/curl fixed version in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-25 21:10:31 UTC (rev 56970)
+++ data/CVE/list 2017-10-25 21:42:44 UTC (rev 56971)
@@ -4668,10 +4668,11 @@
NOTE: https://github.com/uclouvain/openjpeg/issues/982
CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. ...)
{DSA-3992-1 DLA-1121-1}
- - curl <unfixed> (bug #877671)
+ - curl 7.56.1-1 (bug #877671)
NOTE: https://curl.haxx.se/docs/adv_20171004.html
NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
+ NOTE: Upstream fix: https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584
CVE-2017-1000253 (Linux distributions that have not patched their long-term kernels with ...)
- linux 4.0.2-1
[jessie] - linux 3.16.7-ckt11-1
More information about the Secure-testing-commits
mailing list