[Secure-testing-commits] r58338 - data/CVE

Salvatore Bonaccorso Thu, 07 Dec 2017 11:30:06 -0800

Author: carnil
Date: 2017-12-07 19:29:48 +0000 (Thu, 07 Dec 2017)
New Revision: 58338


Modified:
   data/CVE/list
Log:
Hint to the fix for CVE-2017-16926

The commit changes ohcount to use libmagic instead of spawning a process
to run file and allowing the injection.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-07 19:15:38 UTC (rev 58337)
+++ data/CVE/list       2017-12-07 19:29:48 UTC (rev 58338)
@@ -3643,6 +3643,7 @@
        - ohcount <unfixed> (bug #882372)
        [stretch] - ohcount <no-dsa> (Minor issue)
        [jessie] - ohcount <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac
 (v3.1.0)
 CVE-2017-16925
        RESERVED
 CVE-2017-16924


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58338 - data/CVE

Reply via email to