Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76d9c07e by Moritz Muehlenhoff at 2025-08-22T12:30:22+02:00
disassociate CVE-2017-17520 from src:tin
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -583143,7 +583143,7 @@ CVE-2017-17521 (uiutil.c in FontForge through
20170731 does not validate strings
- fontforge <unfixed> (unimportant)
NOTE:
https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
CVE-2017-17520 (tools/url_handler.pl in TIN 2.4.1 does not validate strings
before lau ...)
- - tin <unfixed> (unimportant)
+ NOTE: Bogus CVE assignment, works as intended:
NOTE:
https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
NOTE: Documentation has a clear SECURITY section mentioning that [...]
url_handler
NOTE: does not try hard to shell escape its input nor does it convert
relative URLs
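Review bot: After the removal of `- tin <unfixed> (unimportant)`, the CVE-2017-17520 entry carries only NOTE lines and no package line, while the neighbouring CVE-2017-17521 keeps `- fontforge <unfixed> (unimportant)` for a report whose description begins the same way ("does not validate strings"). The added NOTE says the assignment is bogus and the behaviour is intended, but it does not say why tin is dropped entirely instead of staying tracked as unimportant, so the two entries now look inconsistent to a reader of the list. Consider extending the new NOTE with one clause that explains the difference, or giving the fontforge entry the same treatment if the same reasoning applies. The new NOTE also ends in a colon and relies on the URL and documentation NOTEs that follow it, so it will read as incomplete if those lines are ever reordered or removed; a self-contained sentence would be more robust.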
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d9c07e75346d572ab7fd59f5e2d93a26866638
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits