[Secure-testing-commits] r57155 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Oct 31 11:30:35 UTC 2017
Author: jmm
Date: 2017-10-31 11:30:35 +0000 (Tue, 31 Oct 2017)
New Revision: 57155
Modified:
data/CVE/list
Log:
exiv2 n/a
revised redis fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-31 09:29:05 UTC (rev 57154)
+++ data/CVE/list 2017-10-31 11:30:35 UTC (rev 57155)
@@ -3165,7 +3165,7 @@
CVE-2017-15048
RESERVED
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
- - redis 4:4.0.2-4 (bug #878076; unimportant)
+ - redis 4:4.0.2-5 (bug #878076; unimportant)
[jessie] - redis <not-affected> (Vulnerable code introduced later)
[wheezy] - redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/antirez/redis/issues/4278
@@ -13122,8 +13122,9 @@
CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...)
NOT-FOR-US: Chrome extension Markdown Preview Plus
CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
- - exiv2 <unfixed> (low)
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed>
+ - exiv2 <not-affected> (printTiffStructure introduced in 0.26)
+ TODO: Report against experimental
NOTE: https://github.com/Exiv2/exiv2/issues/56
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
More information about the Secure-testing-commits
mailing list