[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update CVE-2017-18174 information

Salvatore Bonaccorso carnil at debian.org
Sun Mar 4 07:42:54 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1bf89d19 by Salvatore Bonaccorso at 2018-03-04T08:35:17+01:00
Update CVE-2017-18174 information

Rationale: in kernel-sec the conclusion was that the double-free issue
is only introduced within the 4.11 release cycle and fixed in the same
relase cycle, but not affecting 4.7 version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2950,11 +2950,8 @@ CVE-2018-1000041 (GNOME librsvg version before commit ...)
 	NOTE: Merge of changes: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
 	NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...)
-	- linux 4.11.6-1
-	[stretch] - linux <not-affected> (Issue introduced later)
-	[jessie] - linux <not-affected> (Vulnerable code not present)
-	[wheezy] - linux <not-affected> (Vulnerable code not present)
-	NOTE: Fixed by: https://git.kernel.org/linus/8dca4a41f1ad65043a78c2338d9725f859c8d2c3
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: double-free introduced and fixed in the 4.11 release cycle
 CVE-2017-18173
 	RESERVED
 CVE-2017-18172



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf89d19610a22b25b82f42d3acb6d2e21577e5e

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf89d19610a22b25b82f42d3acb6d2e21577e5e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180304/ae6c67ea/attachment.html>

More information about the Secure-testing-commits mailing list