[Secure-testing-commits] r55425 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sun Sep 3 19:15:39 UTC 2017
Author: apo
Date: 2017-09-03 19:15:39 +0000 (Sun, 03 Sep 2017)
New Revision: 55425
Modified:
data/CVE/list
Log:
CVE-2017-2834,freerdp: Mark as not-affected in Wheezy
The license_recv function in Wheezy does not subtract 4 from the length
variable and this variable is also not passed to the decryption function.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-03 18:50:03 UTC (rev 55424)
+++ data/CVE/list 2017-09-03 19:15:39 UTC (rev 55425)
@@ -33090,6 +33090,7 @@
RESERVED
{DSA-3923-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
+ [wheezy] - freerdp <not-affected> (vulnerable code not present)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
More information about the Secure-testing-commits
mailing list