[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update CVE-2017-7516, associate source package name
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 31 06:40:19 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6dbad0ae by Salvatore Bonaccorso at 2018-01-31T07:39:08+01:00
Update CVE-2017-7516, associate source package name
The original proposed fix in
https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html was
not the way to go, resulting in attempt 2 in
https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00005.html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -45699,8 +45699,9 @@ CVE-2017-7517
RESERVED
NOT-FOR-US: OpenShift
CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since ...)
- TODO: check
- NOTE: Fixed by: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html
+ - cpio <unfixed>
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html
+ NOTE: and followups: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00005.html
CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled ...)
- poppler 0.57.0-2 (unimportant)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6dbad0aecd5c1d116fb4dd918526a6646da6fa54
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6dbad0aecd5c1d116fb4dd918526a6646da6fa54
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180131/a3ae3d79/attachment.html>
More information about the Secure-testing-commits
mailing list