[Secure-testing-commits] r56797 - data/CVE

Salvatore Bonaccorso Tue, 17 Oct 2017 22:36:36 -0700

Author: carnil
Date: 2017-10-18 05:36:03 +0000 (Wed, 18 Oct 2017)
New Revision: 56797


Modified:
   data/CVE/list
Log:
Mark CVE-2017-14604 as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-18 05:32:30 UTC (rev 56796)
+++ data/CVE/list       2017-10-18 05:36:03 UTC (rev 56797)
@@ -2513,6 +2513,7 @@
 CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file 
type by ...)
        {DSA-3994-1}
        - nautilus 3.25.90-1 (bug #860268)
+       [jessie] - nautilus <no-dsa> (Minor issue, issue mitigated because does 
not silently decompress tarballs)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
        NOTE: 
https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
        NOTE: https://github.com/freedomofpress/securedrop/issues/2238


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56797 - data/CVE

Reply via email to