[Secure-testing-commits] r50143 - data/CVE

Salvatore Bonaccorso Tue, 28 Mar 2017 11:51:01 -0700

Author: carnil
Date: 2017-03-28 18:50:24 +0000 (Tue, 28 Mar 2017)
New Revision: 50143


Modified:
   data/CVE/list
Log:
Update comments for CVE-2017-7275

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-28 18:07:18 UTC (rev 50142)
+++ data/CVE/list       2017-03-28 18:50:24 UTC (rev 50143)
@@ -154,7 +154,8 @@
        - imagemagick <undetermined>
        NOTE: 
https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/271
-       TODO: check (need to check if we are affected by the second incomplete 
fix as well)
+       NOTE: Furthermore: upstream is not able to reproduce the problem as well
+       TODO: check (need to check if we are affected by the second incomplete 
fix as well, do not update prematurely this entry until clear from upstream)
 CVE-2017-7274 (The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in 
radare2 1.3.0 ...)
        - radare2 <not-affected> (Vulnerable parsers introduced in 1.3.0-git, 
cf. #858873)
        NOTE: 
https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r50143 - data/CVE

Reply via email to