[Secure-testing-commits] r58657 - data/CVE

Salvatore Bonaccorso Sun, 17 Dec 2017 11:52:07 -0800

Author: carnil
Date: 2017-12-17 19:51:11 +0000 (Sun, 17 Dec 2017)
New Revision: 58657


Modified:
   data/CVE/list
Log:
Mark CVE-2017-17513, negligible security impact

A user needs to open a scpecially crafted url via the problematik mtxrun
programms.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-17 19:43:30 UTC (rev 58656)
+++ data/CVE/list       2017-12-17 19:51:11 UTC (rev 58657)
@@ -4935,11 +4935,11 @@
        - nip2 <unfixed> (unimportant)
        NOTE: 
https://sources.debian.org/src/nip2/8.4.0-1/src/boxes.c/?hl=727#L727
 CVE-2017-17513 (TeX Live through 20170524 does not validate strings before 
launching ...)
-       - texlive-base <unfixed>
+       - texlive-base <unfixed> (unimportant)
        [wheezy] - texlive-base <not-affected> (Vulnerable code do not exist)
-       - texlive-bin <unfixed>
+       - texlive-bin <unfixed> (unimportant)
        [wheezy] - texlive-bin <not-affected> (Vulnerable code do not exist)
-       - context <unfixed>
+       - context <unfixed> (unimportant)
        [wheezy] - context <not-affected> (Vulnerable code do not exist)
        NOTE: 
https://sources.debian.org/src/texlive-base/2017.20171128-1/texmf-dist/tex/luatex/lualibs/lualibs-os.lua/#L153
        NOTE: 
https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58657 - data/CVE

Reply via email to