Author: jmm Date: 2017-10-31 11:30:35 +0000 (Tue, 31 Oct 2017) New Revision: 57155
Modified: data/CVE/list Log: exiv2 n/a revised redis fix Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-31 09:29:05 UTC (rev 57154) +++ data/CVE/list 2017-10-31 11:30:35 UTC (rev 57155) @@ -3165,7 +3165,7 @@ CVE-2017-15048 RESERVED CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...) - - redis 4:4.0.2-4 (bug #878076; unimportant) + - redis 4:4.0.2-5 (bug #878076; unimportant) [jessie] - redis <not-affected> (Vulnerable code introduced later) [wheezy] - redis <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/antirez/redis/issues/4278 @@ -13122,8 +13122,9 @@ CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...) NOT-FOR-US: Chrome extension Markdown Preview Plus CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...) - - exiv2 <unfixed> (low) - [wheezy] - exiv2 <not-affected> (Vulnerable code not present) + [experimental] - exiv2 <unfixed> + - exiv2 <not-affected> (printTiffStructure introduced in 0.26) + TODO: Report against experimental NOTE: https://github.com/Exiv2/exiv2/issues/56 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889 NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1). _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits