Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1bf89d19 by Salvatore Bonaccorso at 2018-03-04T08:35:17+01:00 Update CVE-2017-18174 information Rationale: in kernel-sec the conclusion was that the double-free issue is only introduced within the 4.11 release cycle and fixed in the same relase cycle, but not affecting 4.7 version. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -2950,11 +2950,8 @@ CVE-2018-1000041 (GNOME librsvg version before commit ...) NOTE: Merge of changes: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...) - - linux 4.11.6-1 - [stretch] - linux <not-affected> (Issue introduced later) - [jessie] - linux <not-affected> (Vulnerable code not present) - [wheezy] - linux <not-affected> (Vulnerable code not present) - NOTE: Fixed by: https://git.kernel.org/linus/8dca4a41f1ad65043a78c2338d9725f859c8d2c3 + - linux <not-affected> (Vulnerable code not present) + NOTE: double-free introduced and fixed in the 4.11 release cycle CVE-2017-18173 RESERVED CVE-2017-18172 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf89d19610a22b25b82f42d3acb6d2e21577e5e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf89d19610a22b25b82f42d3acb6d2e21577e5e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits