Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 

b9783c47 by Salvatore Bonaccorso at 2018-02-13T21:14:01+01:00
CVE-2018-1000041: Add back full reference to the merge leading to fix the issue

Agreed that there is possibly only one relevant change within that series.

Furthermore mark the issue as unimportant with the following reasoning.
Although the code change would apply and be "fixed" with the update to
2.40.20-1, the issue is very specific to leaking information of Windows
username and NTLM password hash via a specially crafted SVG file
containing an UNC path on Windows.

If an issue is very specific to another OS we might have set the entry as
well to <not-affected> (Windows specific issue).

Note for (commit-)reviewers: comment if anybody disagrees on the above
assessment and severity change.

- - - - -

1 changed file:

- data/CVE/list


--- a/data/CVE/list
+++ b/data/CVE/list
@@ -733,8 +733,9 @@ CVE-2018-1000042 (Security Onion Solutions Squert version 
1.3.0 through 1.6.7 co
        NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-1000041 (GNOME librsvg version before commit ...)
-       - librsvg 2.40.20-1
-       NOTE: Fixed by:
+       - librsvg 2.40.20-1 (unimportant)
+       NOTE: Merge of changes:
+       NOTE:
 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function 
in ...)
        - linux 4.7.2-1
        NOTE: Fixed by:
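
Review bot: the "(unimportant)" tag added on the "- librsvg 2.40.20-1" line has no NOTE in data/CVE/list recording why the severity was lowered; the Windows-specific reasoning (UNC path in a crafted SVG leaking the username and NTLM hash) exists only in the commit message. Consider adding a line such as "NOTE: Windows-specific issue (UNC path in crafted SVG)" under the entry so that tracker readers see the justification without digging through history. Separately, as shown here the added "NOTE: Merge of changes:" and the bare "NOTE:" that follows carry no URL or commit id, so the full reference the commit message describes is not visible in this hunk and should be checked in the committed file.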

Secure-testing-commits mailing list