[Git][security-tracker-team/security-tracker][master] disassociate CVE-2017-17520 from src:tin
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 22 11:30:42 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76d9c07e by Moritz Muehlenhoff at 2025-08-22T12:30:22+02:00
disassociate CVE-2017-17520 from src:tin
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -583143,7 +583143,7 @@ CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings
- fontforge <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
CVE-2017-17520 (tools/url_handler.pl in TIN 2.4.1 does not validate strings before lau ...)
- - tin <unfixed> (unimportant)
+ NOTE: Bogus CVE assignment, works as intended:
NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
NOTE: Documentation has a clear SECURITY section mentioning that [...] url_handler
NOTE: does not try hard to shell escape its input nor does it convert relative URLs
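Review bot: Removing `- tin <unfixed> (unimportant)` leaves the CVE-2017-17520 entry with only NOTE lines and no package line, while the neighbouring CVE-2017-17521 entry keeps `- fontforge <unfixed> (unimportant)`, so nothing in the entry itself records that the src:tin association was dropped on purpose. The added NOTE gives the reason ("works as intended") but not the tracking decision, which at the moment lives only in the commit message. Consider wording the NOTE so it states both, for example `NOTE: Bogus CVE assignment, works as intended, deliberately not tracked against src:tin:`, so a later triager reading data/CVE/list does not re-add the package line.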
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d9c07e75346d572ab7fd59f5e2d93a26866638