Author: carnil Date: 2017-11-19 19:24:14 +0000 (Sun, 19 Nov 2017) New Revision: 57835
Modified: data/CVE/list Log: Mark CVE-2017-15994 as not-affected As argued in previous commit message follow Thorsten Alteholz analysis. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-19 19:22:54 UTC (rev 57834) +++ data/CVE/list 2017-11-19 19:24:14 UTC (rev 57835) @@ -2872,11 +2872,7 @@ CVE-2014-10064 RESERVED CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs ...) - - rsync <unfixed> - [buster] - rsync <not-affected> (vulnerable code only in development version, but not released) - [stretch] - rsync <not-affected> (vulnerable code only in development version, but not released) - [jessie] - rsync <not-affected> (vulnerable code only in development version, but not released) - [wheezy] - rsync <not-affected> (vulnerable code only in development version, but not released) + - rsync <not-affected> (Problematic code to allow checksum choice only introduced after 3.1.2 release) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits