[Git][security-tracker-team/security-tracker][master] Clarify note for CVE-2017-17529/abiword

Salvatore Bonaccorso carnil at debian.org
Fri Jan 4 19:47:28 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
007ec05f by Salvatore Bonaccorso at 2019-01-04T19:44:42Z
Clarify note for CVE-2017-17529/abiword

Whilst abiword/3.0.2-6 added the --with-gnomevfs flag for compilation
this has no effect for abiword in Debian as it compiles with GTK+-3, and
still the fallback_open_uri() will be used.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62514,9 +62514,10 @@ CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate s
 	[jessie] - abiword <no-dsa> (Minor issue)
 	[wheezy] - abiword <no-dsa> (Minor issue)
 	NOTE: https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717
-	NOTE: Issue can be mitigated by compiling abiword in future with --with-gnomevfs so that
-	NOTE: abiword does not use the problematic fallback_open_uri. This though only works for
-	NOTE: GTK+-2. Abiword in Debian is compiled against GTK+3+
+	NOTE: Issue could be mitigated (when using GTK+-2) by compiling abiword with
+	NOTE: --with-gnomevfs so that abiword does not use the problematic fallback_open_uri.
+	NOTE: Abiword in Debian is compiled against GTK+3+, and thus the fallback_open_uri()
+	NOTE: function is used, despite the passed flag --with-gnomevfs was added in 3.0.2-6.
 	NOTE: See explanation in https://bugs.debian.org/884923#15
 CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not ...)
 	- scummvm <unfixed> (unimportant)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/007ec05fb46a87352108b04e51b5b81b0bd7a157

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/007ec05fb46a87352108b04e51b5b81b0bd7a157
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190104/eb7ace56/attachment.html>

More information about the debian-security-tracker-commits mailing list