[Secure-testing-commits] r56971 - data/CVE

László Böszörményi gcs at moszumanska.debian.org
Wed Oct 25 21:42:44 UTC 2017


Author: gcs
Date: 2017-10-25 21:42:44 +0000 (Wed, 25 Oct 2017)
New Revision: 56971

Modified:
   data/CVE/list
Log:
Add CVE-2017-1000254/curl fixed version in unstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-25 21:10:31 UTC (rev 56970)
+++ data/CVE/list	2017-10-25 21:42:44 UTC (rev 56971)
@@ -4668,10 +4668,11 @@
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
 CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. ...)
 	{DSA-3992-1 DLA-1121-1}
-	- curl <unfixed> (bug #877671)
+	- curl 7.56.1-1 (bug #877671)
 	NOTE: https://curl.haxx.se/docs/adv_20171004.html
 	NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
 	NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
+	NOTE: Upstream fix: https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584
 CVE-2017-1000253 (Linux distributions that have not patched their long-term kernels with ...)
 	- linux 4.0.2-1
 	[jessie] - linux 3.16.7-ckt11-1
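Review bot: the added "NOTE: Upstream fix:" line cites the curl commit by its full 40-character hash, while the "NOTE: Introduced by:" line directly above it uses an abbreviated hash (415d2e7cb7); pick one form for both so the entry stays consistent. The log message mentions only the fixed version in unstable, so it should also say that an upstream fix reference was added. The entry now carries both a "Patch:" URL and an "Upstream fix:" URL without saying how they relate; if they are the same change, a short remark on one of the NOTE lines would save the next reader from comparing them.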



