[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-16932 as ignored for stretch and jessie

Salvatore Bonaccorso carnil at debian.org
Tue Jan 2 16:23:48 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
508adae9 by Salvatore Bonaccorso at 2018-01-02T17:17:18+01:00
Mark CVE-2017-16932 as ignored for stretch and jessie

The reason is that only cherry-picking
899a5d9f0ed13b8e32449a08a361e0de127dd961 does not completely fix the
issue on its own.

See: https://bugs.debian.org/882613#12

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10420,10 +10420,12 @@ CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated
 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...)
 	{DLA-1194-1}
 	- libxml2 <unfixed> (bug #882613)
-	[stretch] - libxml2 <no-dsa> (Minor issue)
-	[jessie] - libxml2 <no-dsa> (Minor issue)
+	[stretch] - libxml2 <ignored> (Minor issue; too intrusive to backport)
+	[jessie] - libxml2 <ignored> (Minor issue; too intrusive to backport)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
 	NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
+	NOTE: Applying only 899a5d9f0ed13b8e32449a08a361e0de127dd961 does not completely
+	NOTE: fix the issue, see https://bugs.debian.org/882613#12 for discussion.
 CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...)
 	{DLA-1194-1}
 	- libxml2 2.9.4+dfsg1-3.1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/508adae912b4031d113541f4f06686ffcf72c8ea

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/508adae912b4031d113541f4f06686ffcf72c8ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180102/940b6413/attachment-0001.html>

More information about the Secure-testing-commits mailing list