Merge pull request #1885 from tych0/CVE-2017-1000363

docs: add a blurb about CVE-2017-1000363
2025-07-20 01:29:07 +00:00 · 2017-05-24 16:08:14 +01:00 · 2017-05-24 16:08:14 +01:00 · 6b54f43c4c
commit 6b54f43c4c
parent bd43e35846 90c7047973
1 changed files with 2 additions and 0 deletions
--- a/docs/security-events.md
+++ b/docs/security-events.md
@ -5,6 +5,8 @@ The incomplete list below is an assessment of some CVEs, and LinuxKit's resilien

 ### Bugs mitigated:

+* [CVE-2017-1000363](http://www.openwall.com/lists/oss-security/2017/05/23/16):
+  This CVE requires `CONFIG_PRINTER=y`, so we are not vulnerable.
 * [CVE-2017-2636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636)
  ([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)):
  This CVE requires `CONFIG_N_HDLC={y|m}`, which LinuxKit does not specify, and so