[Secure-testing-commits] r55613 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Sep 9 17:11:28 UTC 2017
Author: carnil
Date: 2017-09-09 17:11:27 +0000 (Sat, 09 Sep 2017)
New Revision: 55613
Modified:
data/CVE/list
Log:
Add more details for CVE-2017-14227
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-09 17:07:37 UTC (rev 55612)
+++ data/CVE/list 2017-09-09 17:11:27 UTC (rev 55613)
@@ -16,7 +16,9 @@
NOTE: uncovers the issue, which introduces UTF-8 validation during JSON encoding.
NOTE: Only after that the utf8_len=4294967295 as shown with the POC is passed to
NOTE: bson_utf8_validate via src/bson/bson-iter.c:2069
- NOTE: https://jira.mongodb.org/browse/CDRIVER-2269
+ NOTE: Still the underlying issue in bson-iter.c when parsing BSON with a codewscope
+ NOTE: type is present in earlier versions.
+ NOTE: Upstream issue: https://jira.mongodb.org/browse/CDRIVER-2269
CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
- libwpd <unfixed>
NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
More information about the Secure-testing-commits
mailing list