[Git][security-tracker-team/security-tracker][master] Update information on CVE-2017-17497/tidy-html5
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 25 08:00:41 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42ec680b by Salvatore Bonaccorso at 2018-10-25T07:00:28Z
Update information on CVE-2017-17497/tidy-html5
Unfortunately a vulnerable upload as 2:5.6.0-1 was performed to unstable
(previously the issue did not affect any version in a respective suite).
With the 2:5.6.0-1 upload the package needed a targeted upload to address
the issue in unstable.
Adjust tracking information and move the not affected version only to
the stretch stanza.
Annotate unstable version with the 2:5.6.0-3 version information.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46684,10 +46684,14 @@ CVE-2017-17498 (WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows re
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/525/
CVE-2017-17497 (In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows ...)
- - tidy-html5 <not-affected> (Vulnerable code introduced after 5.6.0)
+ - tidy-html5 2:5.6.0-3
+ [stretch] - tidy-html5 <not-affected> (Vulnerable code introduced after 5.6.0)
- tidy <not-affected> (Vulnerable code not present)
NOTE: https://github.com/htacg/tidy-html5/issues/656
NOTE: https://github.com/htacg/tidy-html5/commit/a111d7a9691953f903ffa1fdbc3762dec22fc215
+ NOTE: Issue originally never in DEbian because teh vulnerable code was
+ NOTE: introduced in 5.6.0. But with the 2:5.6.0-1 upload the package got
+ NOTE: vulnerable and needed a targeted fix via 2:5.6.0-3 upload.
CVE-2017-17496
REJECTED
CVE-2017-17495
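Review bot: The added NOTE lines state that the vulnerable code "was introduced in 5.6.0", but the new [stretch] line in the same entry keeps the reason "Vulnerable code introduced after 5.6.0" and the CVE description names Tidy 5.7.0. The two statements contradict each other, so the entry does not explain why 2:5.6.0-1 is affected while stretch is not. Suggest rewording either the NOTE or the stretch annotation so both give the same introduction point. The first added NOTE line also has two typos to fix, "DEbian" and "teh".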
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42ec680b35343de0d04ead575e80b657bcafc756