Author: carnil
Date: 2017-12-23 13:34:27 +0000 (Sat, 23 Dec 2017)
New Revision: 58868

Modified:
   data/CVE/list
Log:
Mark CVE-2017-17522 as unimportant

Hardly an issue with security impact and as well disputed upstream as
the code in question relies on further processing via subprocess.Popen
and with the default shell=False.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-23 13:31:03 UTC (rev 58867)
+++ data/CVE/list       2017-12-23 13:34:27 UTC (rev 58868)
@@ -5404,18 +5404,20 @@
        [wheezy] - lilypond <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
 CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does 
not ...)
-       - jython <unfixed>
+       - jython <unfixed> (unimportant)
        [wheezy] - jython <not-affected> (Vulnerable code is not provided in 
the binary package)
-       - python2.6 <removed>
-       - python2.7 <unfixed>
-       - python3.2 <removed>
-       - python3.4 <removed>
-       - python3.5 <unfixed>
-       - python3.6 <unfixed>
-       - python3.7 <unfixed>
+       - python2.6 <removed> (unimportant)
+       - python2.7 <unfixed> (unimportant)
+       - python3.2 <removed> (unimportant)
+       - python3.4 <removed> (unimportant)
+       - python3.5 <unfixed> (unimportant)
+       - python3.6 <unfixed> (unimportant)
+       - python3.7 <unfixed> (unimportant)
        NOTE: Lib/webbrowser.py does not validate strings before launching the 
program
        NOTE: specified by the BROWSER environment variable.
        NOTE: https://bugs.python.org/issue32367
+       NOTE: Hardly an issue with security impact, as the problematic code 
further relies
+       NOTE: on subprocess.Popen with the default shell=False.
 CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate 
strings before ...)
        - fontforge <unfixed> (unimportant)
        NOTE: 
https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
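Review bot: the two added NOTE lines at the end of the CVE-2017-17522 entry justify the downgrade only by pointing to subprocess.Popen with the default shell=False in Lib/webbrowser.py, yet the same (unimportant) tag is also applied to the jython line. Consider stating in the NOTE that jython's bundled copy follows the same code path, or giving jython its own justification. The commit log additionally names "disputed upstream" as a reason; the description line already carries ** DISPUTED **, but the NOTE could say so next to the existing https://bugs.python.org/issue32367 reference so that the rationale recorded in the tracker matches the log.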


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
