Author: jmm Date: 2017-11-08 21:40:26 +0000 (Wed, 08 Nov 2017) New Revision: 57471
Modified: data/CVE/list Log: emacs CVE ID is nonsense Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-08 21:40:04 UTC (rev 57470) +++ data/CVE/list 2017-11-08 21:40:26 UTC (rev 57471) @@ -998,14 +998,8 @@ CVE-2017-16242 RESERVED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) - - emacs25 <unfixed> - [stretch] - emacs25 <no-dsa> (Minor issue) - - emacs24 <removed> - [stretch] - emacs24 <no-dsa> (Minor issue) - [jessie] - emacs24 <no-dsa> (Minor issue) - - emacs23 <removed> - [wheezy] - emacs23 <no-dsa> (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 + NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original + NOTE: file when creating a backup file. That's hardly incorrect behaviour CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim <unfixed> [stretch] - vim <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits