[Secure-testing-commits] r57051 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Oct 28 08:35:44 UTC 2017


Author: carnil
Date: 2017-10-28 08:35:44 +0000 (Sat, 28 Oct 2017)
New Revision: 57051

Modified:
   data/CVE/list
Log:
Add some clarification to note for CVE-2017-11613

The note probably should be dropped completely as classification by Red
Hat and Debian often diverge. We might mark it as unimportant instead if
the memory leak/issue should actually be handled by the calling
application or mark it otherwise as no-dsa if we know the problem is
present as well in the other supported releases.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-28 08:23:00 UTC (rev 57050)
+++ data/CVE/list	2017-10-28 08:35:44 UTC (rev 57051)
@@ -11984,7 +11984,9 @@
 	- tiff <unfixed> (bug #869823)
 	- tiff3 <removed>
 	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
-	NOTE: RedHat marked this NOTABUG: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-11613
+	NOTE: Red Hat marked this NOTABUG: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
+	NOTE: NOTABUG in RHEL context only means in most cases that Red Hat does not intent
+	NOTE: to address this issue.
 CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
 	NOT-FOR-US: Joomla!
 CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)




More information about the Secure-testing-commits mailing list