[Secure-testing-commits] r57835 - data/CVE

Salvatore Bonaccorso Sun, 19 Nov 2017 11:48:11 -0800

Author: carnil
Date: 2017-11-19 19:24:14 +0000 (Sun, 19 Nov 2017)
New Revision: 57835


Modified:
   data/CVE/list
Log:
Mark CVE-2017-15994 as not-affected

As argued in previous commit message follow Thorsten Alteholz analysis.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-19 19:22:54 UTC (rev 57834)
+++ data/CVE/list       2017-11-19 19:24:14 UTC (rev 57835)
@@ -2872,11 +2872,7 @@
 CVE-2014-10064
        RESERVED
 CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24, as used in the 
xlucas svfs ...)
-       - rsync <unfixed>
-       [buster] - rsync <not-affected> (vulnerable code only in development 
version, but not released)
-       [stretch] - rsync <not-affected> (vulnerable code only in development 
version, but not released)
-       [jessie] - rsync <not-affected> (vulnerable code only in development 
version, but not released)
-       [wheezy] - rsync <not-affected> (vulnerable code only in development 
version, but not released)
+       - rsync <not-affected> (Problematic code to allow checksum choice only 
introduced after 3.1.2 release)
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57835 - data/CVE

Reply via email to