1
Candidate: CVE-2017-5617
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5617
5
https://github.com/blackears/svgSalamander/issues/11
6
http://www.openwall.com/lists/oss-security/2017/01/27/3
8
The SVG Salamander (aka svgSalamander) library, when used in a web
9
application, allows remote attackers to conduct server-side request forgery
10
(SSRF) attacks via an xlink:href attribute in an SVG file.
14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853134
19
Patches_svgsalamander:
20
upstream_svgsalamander: released (1.1.1+dfsg-2)
21
precise_svgsalamander: released (0~svn95-1+deb8u1build0.12.04.1)
22
precise/esm_svgsalamander: DNE (precise was released [0~svn95-1+deb8u1build0.12.04.1])
23
trusty_svgsalamander: released (0~svn95-1+deb8u1build0.14.04.1)
24
vivid/stable-phone-overlay_svgsalamander: DNE
25
vivid/ubuntu-core_svgsalamander: DNE
26
xenial_svgsalamander: released (0~svn95-1+deb8u1build0.16.04.1)
27
yakkety_svgsalamander: ignored (reached end-of-life)
28
zesty_svgsalamander: not-affected (1.1.1+dfsg-2)
29
devel_svgsalamander: not-affected (1.1.1+dfsg-2)