[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-17076/gpp as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 16 10:45:20 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
454a1ce3 by Salvatore Bonaccorso at 2018-09-16T09:43:45Z
Mark CVE-2018-17076/gpp as no-dsa
Rationale: not sure it might be used e.g. in a service processing LaTeX
documents in a webservice. If it is purely used as CLI tool, this would
be unimportant severity. Still disputable how to mark it correctly.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,6 +10,7 @@ CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There is
NOT-FOR-US: yiqicms
CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is available on ...)
- gpp <unfixed>
+ [stretch] - gpp <no-dsa> (Minor issue)
NOTE: https://github.com/logological/gpp/issues/26
CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go mishandles ...)
TODO: check
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/454a1ce33e2e5f15f2e6dc79cb98018d42488d53
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/454a1ce33e2e5f15f2e6dc79cb98018d42488d53
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180916/5c20078a/attachment.html>
More information about the debian-security-tracker-commits
mailing list