[Secure-testing-commits] r55374 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 1 21:17:13 UTC 2017
Author: carnil
Date: 2017-09-01 21:17:13 +0000 (Fri, 01 Sep 2017)
New Revision: 55374
Modified:
data/CVE/list
Log:
Add CVE-2017-14107/libzip, #874010
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-01 21:10:14 UTC (rev 55373)
+++ data/CVE/list 2017-09-01 21:17:13 UTC (rev 55374)
@@ -3,7 +3,9 @@
CVE-2017-14108
RESERVED
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 ...)
- TODO: check
+ - libzip <unfixed> (bug #874010)
+ NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
+ NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
TODO: check
CVE-2017-14104
More information about the Secure-testing-commits
mailing list