Author: carnil Date: 2017-12-07 19:29:48 +0000 (Thu, 07 Dec 2017) New Revision: 58338
Modified: data/CVE/list Log: Hint to the fix for CVE-2017-16926 The commit changes ohcount to use libmagic instead of spawning a process to run file and allowing the injection. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-07 19:15:38 UTC (rev 58337) +++ data/CVE/list 2017-12-07 19:29:48 UTC (rev 58338) @@ -3643,6 +3643,7 @@ - ohcount <unfixed> (bug #882372) [stretch] - ohcount <no-dsa> (Minor issue) [jessie] - ohcount <no-dsa> (Minor issue) + NOTE: https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac (v3.1.0) CVE-2017-16925 RESERVED CVE-2017-16924 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits