[Secure-testing-commits] r56392 - data/CVE

Salvatore Bonaccorso Tue, 03 Oct 2017 23:15:54 -0700

Author: carnil
Date: 2017-10-04 06:15:12 +0000 (Wed, 04 Oct 2017)
New Revision: 56392


Modified:
   data/CVE/list
Log:
Add new curl issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-04 04:20:16 UTC (rev 56391)
+++ data/CVE/list       2017-10-04 06:15:12 UTC (rev 56392)
@@ -2332,6 +2332,11 @@
        NOTE: 
https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
        NOTE: https://github.com/uclouvain/openjpeg/issues/982
+CVE-2017-1000254 [FTP PWD response parser out of bounds read]
+       - curl <unfixed>
+       NOTE: https://curl.haxx.se/docs/adv_20171004.html
+       NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
+       NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
 CVE-2017-1000253 [PIE/stack corruption]
        - linux 4.0.2-1
        [jessie] - linux 3.16.7-ckt11-1


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56392 - data/CVE

Reply via email to