Author: carnil
Date: 2017-12-26 13:26:09 +0000 (Tue, 26 Dec 2017)
New Revision: 58938
Modified:
data/CVE/list
Log:
Mark CVE-2017-1000382 as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-26 13:19:59 UTC (rev 58937)
+++ data/CVE/list 2017-12-26 13:26:09 UTC (rev 58938)
@@ -11941,11 +11941,12 @@
NOTE: file when creating a backup file. That's hardly incorrect
behaviour
NOTE: Upstream report:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely)
ignores umask ...)
- - vim <unfixed>
- [stretch] - vim <no-dsa> (Minor issue)
- [jessie] - vim <no-dsa> (Minor issue)
- [wheezy] - vim <no-dsa> (Minor issue)
+ - vim <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
+ NOTE: Cf. http://www.openwall.com/lists/oss-security/2017/11/01/4
+ NOTE: vim creates the .swp file according to the permissions of the
file being
+ NOTE: edited, admitely ignoring the umask, so in the reporters case the
.swp
+ NOTE: file is readable by others. But that seem to be the intended
behaviour.
CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl
allows ...)
- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
[stretch] - libcatalyst-plugin-static-simple-perl <no-dsa> (Minor issue)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
