[Secure-testing-commits] r56134 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Sep 25 17:11:00 UTC 2017
Author: carnil
Date: 2017-09-25 17:11:00 +0000 (Mon, 25 Sep 2017)
New Revision: 56134
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
Mark weechat as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-25 16:54:16 UTC (rev 56133)
+++ data/CVE/list 2017-09-25 17:11:00 UTC (rev 56134)
@@ -34,6 +34,8 @@
NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
- weechat 1.9.1-1 (bug #876553)
+ [stretch] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
+ [jessie] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks ...)
NOT-FOR-US: EPESI
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-09-25 16:54:16 UTC (rev 56133)
+++ data/dsa-needed.txt 2017-09-25 17:11:00 UTC (rev 56134)
@@ -71,10 +71,6 @@
vlc
wait until 2.2.7 release
--
-weechat
- Should be only exploitable with malicious server sending commands,
- thus might actually be better suited as minor-issue.
---
wireshark (seb)
2017-05-13: asked balint@ if he wants to prepare an update now
2017-07-28: re-ping balint@
More information about the Secure-testing-commits
mailing list