[Secure-testing-commits] r55425 - data/CVE

Markus Koschany Sun, 03 Sep 2017 12:16:38 -0700

Author: apo
Date: 2017-09-03 19:15:39 +0000 (Sun, 03 Sep 2017)
New Revision: 55425


Modified:
   data/CVE/list
Log:
CVE-2017-2834,freerdp: Mark as not-affected in Wheezy

The license_recv function in Wheezy does not subtract 4 from the length
variable and this variable is also not passed to the decryption function.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-03 18:50:03 UTC (rev 55424)
+++ data/CVE/list       2017-09-03 19:15:39 UTC (rev 55425)
@@ -33090,6 +33090,7 @@
        RESERVED
        {DSA-3923-1}
        - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
+       [wheezy] - freerdp <not-affected> (vulnerable code not present)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
        NOTE: 
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
 (1.1)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r55425 - data/CVE

Reply via email to