Author: apo
Date: 2017-02-28 14:00:56 +0000 (Tue, 28 Feb 2017)
New Revision: 49292

Modified:
   data/CVE/list
Log:
CVE-2017-5836,libplist: Mark as no-dsa in Wheezy

The pointers are not incorrectly freed because the code is different in Wheezy.
Instead of parse_dict_node plist_from_bin would be affected. We could disallow
non-string key nodes but they are officially allowed though. I think we should not
break this assumption for Wheezy.



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-28 13:52:07 UTC (rev 49291)
+++ data/CVE/list       2017-02-28 14:00:56 UTC (rev 49292)
@@ -1422,6 +1422,7 @@
 CVE-2017-5836 [issue in plist_free_data plist.c:185]
        RESERVED
        - libplist <unfixed> (bug #854000)
+       [wheezy] - libplist <no-dsa> (pointers are not incorrectly freed and 
non-string key nodes are officially allowed)
        NOTE: https://github.com/libimobiledevice/libplist/issues/86
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
 CVE-2017-5835 [memory allocation error in plist_from_bin]
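Review bot: The parenthetical on the added [wheezy] line reads as if Wheezy were simply unaffected ("pointers are not incorrectly freed"), while the commit log says plist_from_bin would be affected there instead of parse_dict_node. Name plist_from_bin in the parenthetical so the no-dsa decision can be understood from data/CVE/list alone, without the commit log. The added entry also appears split across two lines after "and"; if that is not just mail wrapping, join it into a single line.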


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits