Author: carnil
Date: 2017-12-17 08:12:10 +0000 (Sun, 17 Dec 2017)
New Revision: 58627
Modified:
data/CVE/list
Log:
Mark fontforge issue as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-16 23:49:40 UTC (rev 58626)
+++ data/CVE/list 2017-12-17 08:12:10 UTC (rev 58627)
@@ -4898,10 +4898,8 @@
NOTE: Lib/webbrowser.py does not validate strings before launching the
program
NOTE: specified by the BROWSER environment variable.
CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate
strings before ...)
- - fontforge <unfixed>
- [wheezy] - fontforge <no-dsa> (Minor issue)
+ - fontforge <unfixed> (unimportant)
NOTE:
https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
- NOTE: Classified as minor in wheezy as all calls to this function is
with input data that the user do not have control of. The user has control over
the browser variable that but that should not be considered as a problem.
CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not
validate ...)
- tin <unfixed> (unimportant)
NOTE:
https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
