[Git][security-tracker-team/security-tracker][master] Clarify note for CVE-2017-17529/abiword

Fri, 04 Jan 2019 11:47:58 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
007ec05f by Salvatore Bonaccorso at 2019-01-04T19:44:42Z
Clarify note for CVE-2017-17529/abiword

Whilst abiword/3.0.2-6 added the --with-gnomevfs flag for compilation
this has no effect for abiword in Debian as it compiles with GTK+-3, and
still the fallback_open_uri() will be used.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62514,9 +62514,10 @@ CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 
3.0.2-2 does not validate s
        [jessie] - abiword <no-dsa> (Minor issue)
        [wheezy] - abiword <no-dsa> (Minor issue)
        NOTE: 
https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717
-       NOTE: Issue can be mitigated by compiling abiword in future with 
--with-gnomevfs so that
-       NOTE: abiword does not use the problematic fallback_open_uri. This 
though only works for
-       NOTE: GTK+-2. Abiword in Debian is compiled against GTK+3+
+       NOTE: Issue could be mitigated (when using GTK+-2) by compiling abiword 
with
+       NOTE: --with-gnomevfs so that abiword does not use the problematic 
fallback_open_uri.
+       NOTE: Abiword in Debian is compiled against GTK+3+, and thus the 
fallback_open_uri()
+       NOTE: function is used, despite the passed flag --with-gnomevfs was 
added in 3.0.2-6.
        NOTE: See explanation in https://bugs.debian.org/884923#15
 CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does 
not ...)
        - scummvm <unfixed> (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/007ec05fb46a87352108b04e51b5b81b0bd7a157

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/007ec05fb46a87352108b04e51b5b81b0bd7a157
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to