Author: carnil Date: 2017-11-22 05:30:27 +0000 (Wed, 22 Nov 2017) New Revision: 57917
Modified: data/CVE/list Log: Update on CVE-2017-1000384 Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-22 05:15:20 UTC (rev 57916) +++ data/CVE/list 2017-11-22 05:30:27 UTC (rev 57917) @@ -2068,10 +2068,14 @@ CVE-2017-16242 RESERVED CVE-2017-1000384 [Arbitrary file read] - - passenger <undetermined> - - ruby-passenger <undetermined> + - passenger <unfixed> + - ruby-passenger <removed> + [jessie] - ruby-passenger <no-dsa> (Minor issue) NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ - TODO: check + NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf + NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following. + NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to + NOTE: get the status information. CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original NOTE: file when creating a backup file. That's hardly incorrect behaviour _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits