Author: carnil
Date: 2017-08-10 03:45:37 +0000 (Thu, 10 Aug 2017)
New Revision: 54510

Modified:
   data/CVE/list
Log:
Correct tracking for CVE-2017-11590

Correct the initial triaging (done by me, so blame on me). Although the
original report triggers the issue in the caseless_hash function,
which is only introduced in a later version, the root cause lies within the
gxps_archive_initable_init function. A pathname is dereferenced before
checking for NULL.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-10 03:38:53 UTC (rev 54509)
+++ data/CVE/list       2017-08-10 03:45:37 UTC (rev 54510)
@@ -2819,10 +2819,9 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash 
function in ...)
        - libgxps <unfixed> (bug #870183)
-       [stretch] - libgxps <not-affected> (Vulnerable function introduced 
later)
-       [jessie] - libgxps <not-affected> (Vulnerable function introduced later)
-       [wheezy] - libgxps <not-affected> (Vulnerable function introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473167
+       NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785479
+       NOTE: Fixed by: https://git.gnome.org/browse/libgxps/commit/?id=9d5d2920
 CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
        NOT-FOR-US: Cisco
 CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
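Review bot: The CVE-2017-11590 entry keeps a description line that names caseless_hash, and the added NOTE lines give only URLs, so nothing in data/CVE/list itself records why the three <not-affected> lines were dropped. Suggest adding a NOTE under the entry stating that the root cause is the pathname dereference before the NULL check in gxps_archive_initable_init, as the log message says, so a later triager working from the description alone does not re-add "Vulnerable function introduced later" for stretch, jessie and wheezy. The "Fixed by" URL also uses an abbreviated commit id (9d5d2920); the full hash would be a more durable reference.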


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
