Author: carnil Date: 2017-10-04 06:15:12 +0000 (Wed, 04 Oct 2017) New Revision: 56392
Modified: data/CVE/list Log: Add new curl issue Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-04 04:20:16 UTC (rev 56391) +++ data/CVE/list 2017-10-04 06:15:12 UTC (rev 56392) @@ -2332,6 +2332,11 @@ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/ NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9 NOTE: https://github.com/uclouvain/openjpeg/issues/982 +CVE-2017-1000254 [FTP PWD response parser out of bounds read] + - curl <unfixed> + NOTE: https://curl.haxx.se/docs/adv_20171004.html + NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch + NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7 CVE-2017-1000253 [PIE/stack corruption] - linux 4.0.2-1 [jessie] - linux 3.16.7-ckt11-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits