← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to retired/CVE-2017-5617

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

Show diffs side-by-side

added added

removed removed

Lines of Context:
retired/CVE-2017-5617
1
 
Candidate: CVE-2017-5617
2
 
PublicDate: 2017-03-16
3
 
References:
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5617
5
 
 https://github.com/blackears/svgSalamander/issues/11
6
 
 http://www.openwall.com/lists/oss-security/2017/01/27/3
7
 
Description:
8
 
 The SVG Salamander (aka svgSalamander) library, when used in a web
9
 
 application, allows remote attackers to conduct server-side request forgery
10
 
 (SSRF) attacks via an xlink:href attribute in an SVG file.
11
 
Ubuntu-Description:
12
 
Notes:
13
 
Bugs:
14
 
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853134
15
 
Priority: medium
16
 
Discovered-by:
17
 
Assigned-to:
18
 
 
19
 
Patches_svgsalamander:
20
 
upstream_svgsalamander: released (1.1.1+dfsg-2)
21
 
precise_svgsalamander: released (0~svn95-1+deb8u1build0.12.04.1)
22
 
precise/esm_svgsalamander: DNE (precise was released [0~svn95-1+deb8u1build0.12.04.1])
23
 
trusty_svgsalamander: released (0~svn95-1+deb8u1build0.14.04.1)
24
 
vivid/stable-phone-overlay_svgsalamander: DNE
25
 
vivid/ubuntu-core_svgsalamander: DNE
26
 
xenial_svgsalamander: released (0~svn95-1+deb8u1build0.16.04.1)
27
 
yakkety_svgsalamander: ignored (reached end-of-life)
28
 
zesty_svgsalamander: not-affected (1.1.1+dfsg-2)
29
 
devel_svgsalamander: not-affected (1.1.1+dfsg-2)