Author: opal
Date: 2017-12-17 17:16:33 +0000 (Sun, 17 Dec 2017)
New Revision: 58647

Modified:
   data/CVE/list
Log:
Triage result.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-17 15:04:51 UTC (rev 58646)
+++ data/CVE/list       2017-12-17 17:16:33 UTC (rev 58647)
@@ -4878,7 +4878,9 @@
        NOTE: 
https://sources.debian.org/src/postbooks/4.7.0-3/guiclient/guiclient.cpp/?hl=1610#L1610
 CVE-2017-17524 (library/www_browser.pl in SWI-Prolog 7.2.3 does not validate 
strings ...)
        - swi-prolog <unfixed>
+       [wheezy] - swi-prolog <no-dsa> (Minor Issue)
        NOTE: 
https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68
+       NOTE: In wheezy it is technically possible to trigger an argument 
injection vulnerability however it is quoted in an unusual way which makes it 
highly unlikely that it going to be.
 CVE-2017-17523 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate 
strings ...)
        - lilypond <unfixed> (bug #884136)
        [jessie] - lilypond <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to