[Secure-testing-commits] r56023 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Fri Sep 22 18:23:13 UTC 2017
Author: apo
Date: 2017-09-22 18:23:13 +0000 (Fri, 22 Sep 2017)
New Revision: 56023
Modified:
data/CVE/list
Log:
kannel,CVE-2017-14609: no-dsa for Wheezy
I think it is sensible to follow Jessie/Stretch in this case. The exploit is
limited to non-root local users and requires that someone compromises the
daemon, so at least one other condition must be fulfilled to manipulate the PID
file. This issue could be fixed when more serious issues are discovered but it
appears to be less severe at the moment.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-22 17:56:21 UTC (rev 56022)
+++ data/CVE/list 2017-09-22 18:23:13 UTC (rev 56023)
@@ -242,6 +242,7 @@
- kannel <unfixed> (low)
[stretch] - kannel <no-dsa> (Minor issue)
[jessie] - kannel <no-dsa> (Minor issue)
+ [wheezy] - kannel <no-dsa> (Minor issue)
NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to ...)
- libraw <unfixed> (low)
More information about the Secure-testing-commits
mailing list