Author: carnil
Date: 2017-08-10 03:45:37 +0000 (Thu, 10 Aug 2017)
New Revision: 54510
Modified: data/CVE/list
Log:
Correct tracking for CVE-2017-11590

Correct the initial triaging (done by me, so blame on me). Although the original report triggers the issue in the caseless_hash function, which is only introduced in a later version, the root cause lies within the gxps_archive_initable_init function. A pathname is dereferenced before checking for NULL.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-10 03:38:53 UTC (rev 54509) +++ data/CVE/list 2017-08-10 03:45:37 UTC (rev 54510) @@ -2819,10 +2819,9 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...) - libgxps <unfixed> (bug #870183) - [stretch] - libgxps <not-affected> (Vulnerable function introduced later) - [jessie] - libgxps <not-affected> (Vulnerable function introduced later) - [wheezy] - libgxps <not-affected> (Vulnerable function introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473167 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785479 + NOTE: Fixed by: https://git.gnome.org/browse/libgxps/commit/?id=9d5d2920 CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway ...) NOT-FOR-US: Cisco CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
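
Review bot: In the CVE-2017-11590 entry, the reason for dropping the three `<not-affected>` lines ([stretch], [jessie], [wheezy], "Vulnerable function introduced later") is recorded only in the commit log, while the description kept in the list still names caseless_hash. Someone reading data/CVE/list alone could reach the same wrong triage again. Consider adding a NOTE line to the entry stating that the root cause is in gxps_archive_initable_init (a pathname dereferenced before the NULL check) and that releases without caseless_hash are therefore still affected. The "Fixed by" NOTE also uses the abbreviated id 9d5d2920; the full commit hash would make the reference unambiguous.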