[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-17973 as unimportant

Salvatore Bonaccorso carnil at debian.org
Thu May 10 20:18:38 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3da455b7 by Salvatore Bonaccorso at 2018-05-10T21:18:29+02:00
Mark CVE-2017-17973 as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19083,12 +19083,14 @@ CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
 CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv ...)
 	NOT-FOR-US: BA SYSTEMS BAS Web on BAS920 devices
 CVE-2017-17973 (** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free ...)
-	- tiff <unfixed>
-	[stretch] - tiff <not-affected> (Vulnerable code introduced later)
-	[jessie] - tiff <not-affected> (Vulnerable code introduced later)
-	[wheezy] - tiff <not-affected> (Vulnerable code introduced later)
+	- tiff <unfixed> (unimportant)
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
+	NOTE: Details on the issue are not confirmed by the reporter after several attempts
+	NOTE: and this does like a non-issue. More reprodicibly reports are from SUSE in
+	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1074318#c5 claiming this might be
+	NOTE: a duplicate of CVE-2017-9935. Unless the reporter provides more details on
+	NOTE: upstream report go and consider this as non-issue.
 CVE-2017-1000447
 	REJECTED
 CVE-2017-1000446



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3da455b704d86d7047ca86aa5681ed75b5f028f2

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3da455b704d86d7047ca86aa5681ed75b5f028f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180510/836f76e6/attachment.html>

More information about the debian-security-tracker-commits mailing list