[Secure-testing-commits] r55610 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 9 15:20:16 UTC 2017


Author: carnil
Date: 2017-09-09 15:20:15 +0000 (Sat, 09 Sep 2017)
New Revision: 55610

Modified:
   data/CVE/list
Log:
Add note for CVE-2017-14227

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-09 14:58:57 UTC (rev 55609)
+++ data/CVE/list	2017-09-09 15:20:15 UTC (rev 55610)
@@ -12,6 +12,10 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
+	NOTE: Issue possibly introduced only with https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
+	NOTE: which introduces UTF-8 validation during JSON encoding.
+	NOTE: Only after that the utf8_len=4294967295 as shown with the POC
+	NOTE: is passed to bson_utf8_validate via src/bson/bson-iter.c:2069
 CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
 	- libwpd <unfixed>
 	NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
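Review bot: The reference src/bson/bson-iter.c:2069 in the last added NOTE line is not tied to a revision, so it will stop pointing at the bson_utf8_validate call once the file changes. Name the release or commit the line number was read from, or name the enclosing function instead. The first added line says "possibly introduced only with", and nothing in this hunk records whether versions before 1.7.0-rc0 were checked. If the intent is to treat older releases as not affected, a follow-up that confirms this and states it explicitly would make the entry actionable for triage. It would also help to say that utf8_len=4294967295 is the maximum 32-bit unsigned value, so readers see at once that the length passed on is invalid rather than a real string size.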



