Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
154f5911 by Moritz Muehlenhoff at 2018-04-18T19:20:33+02:00
ruby-rails-admin, nghttp2, mbedtls no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -476,13 +476,17 @@ CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored 
Cross-Site Scripting (XSS
        [jessie] - dolibarr <ignored> (Scheduled for removal)
 CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has 
a buffer ...)
        - mbedtls 2.8.0-1
+       [stretch] - mbedtls <no-dsa> (Minor issue)
        - polarssl <removed>
+       [jessie] - polarssl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
        NOTE: 
https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
 CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has 
a buffer ...)
        - mbedtls 2.8.0-1
+       [stretch] - mbedtls <no-dsa> (Minor issue)
        - polarssl <removed>
+       [jessie] - polarssl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
        NOTE: 
https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
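Review bot: The four added `<no-dsa> (Minor issue)` lines under CVE-2018-9989 and CVE-2018-9988 give no reason why a buffer-handling flaw in a TLS library is minor for stretch (mbedtls) and jessie (polarssl). The existing NOTE lines link only the upstream commits and the release announcement. Consider adding a NOTE to each entry recording what limits the impact, so the triage decision can be audited later without re-reading the upstream fixes.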
@@ -753,7 +757,8 @@ CVE-2018-9859
        RESERVED
 CVE-2018-1000168 [Denial of service due to NULL pointer dereference]
        RESERVED
-       - nghttp2 <unfixed> (bug #895566)
+       - nghttp2 <unfixed> (low; bug #895566)
+       [stretch] - nghttp2 <no-dsa> (Minor issue)
        [jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
        NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0
        NOTE: Fixed by: 
https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f
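Review bot: The change on the unstable line from `(bug #895566)` to `(low; bug #895566)` sets an urgency for CVE-2018-1000168, which the commit subject ("ruby-rails-admin, nghttp2, mbedtls no-dsa") does not mention. Either name the urgency change in the commit message or put it in a separate commit, so that the history shows when and why the severity was set. Separately, the new `[stretch] - nghttp2 <no-dsa> (Minor issue)` line would read better with a reason tied to the bracketed description, for example that the impact is limited to denial of service.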
@@ -42937,6 +42942,7 @@ CVE-2017-12099
        RESERVED
 CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists 
in the ...)
        - ruby-rails-admin <unfixed>
+       [stretch] - ruby-rails-admin <no-dsa> (Minor issue)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450
 CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists 
in the ...)
        NOT-FOR-US: delayed_job_web rails gem
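Review bot: The new `[stretch] - ruby-rails-admin <no-dsa> (Minor issue)` line under CVE-2017-12098 sits beneath `- ruby-rails-admin <unfixed>`, which carries no bug reference, unlike the nghttp2 entry in the previous hunk. With stretch now marked no-dsa, the unfixed state in unstable is the only remaining open item, so a bug number should be added to that line once a report exists. The "Minor issue" reason would also benefit from a short NOTE saying why an XSS the description calls exploitable is considered minor here.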



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/154f59110478f7003f2df7187dbacc1bcfbfeeba
