[Secure-testing-commits] r57059 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Oct 28 09:16:39 UTC 2017
Author: carnil
Date: 2017-10-28 09:16:39 +0000 (Sat, 28 Oct 2017)
New Revision: 57059
Modified:
data/CVE/list
Log:
Update CVE-2017-15939/binutils
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-28 09:11:46 UTC (rev 57058)
+++ data/CVE/list 2017-10-28 09:16:39 UTC (rev 57059)
@@ -24,7 +24,9 @@
CVE-2017-15940
RESERVED
CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
- TODO: check
+ - binutils <not-affected> (Incomplete fix not applied)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22205
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
CVE-2017-15938 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
TODO: check
CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via ...)
@@ -2238,6 +2240,8 @@
NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22200
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf
+ NOTE: When this issue is fixed it is to make sure to not open CVE-2017-15939, i.e.
+ NOTE: not to apply the incomplete fix. See notes on CVE-2017-15939
CVE-2017-15022 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
More information about the Secure-testing-commits
mailing list