CVE-2017-7000

NameCVE-2017-7000
DescriptionAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-3926-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie (security), jessie57.0.2987.98-1~deb8u1vulnerable
stretch62.0.3202.89-1~deb9u1fixed
stretch (security)66.0.3359.117-1~deb9u1fixed
buster62.0.3202.89-1fixed
sid67.0.3396.79-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)60.0.3112.78-1medium
chromium-browsersourcejessie(unfixed)end-of-life
chromium-browsersourcestretch60.0.3112.78-1~deb9u1mediumDSA-3926-1
chromium-browsersourcewheezy(unfixed)end-of-life

Notes

[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)

Search for package or bug name: Reporting problems