Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 455e2639 by Salvatore Bonaccorso at 2018-04-29T08:15:39+02:00

Remove unneeded aliased reference to Red Hat bug

NOTABUG in Red Hat context does not necessarily mean the issue is not present. The statement is made clear in https://bugzilla.redhat.com/show_bug.cgi?id=1535554#c4 and indeed that CVE might not be warranted. In any case we should not follow right away NOTABUG tagged Red Hat bugs but clarify with upstreams and maintainers if the CVE is invalid. The specific CVEs for krb5 are already discussed with the maintainers (which are as well upstream), so we will follow up once we have more feedback on the two particular CVEs.

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -13075,7 +13075,6 @@ CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16 - krb5 <unfixed> (bug #889684) [wheezy] - krb5 <no-dsa> (Minor issue, according to Red Hat this is not a bug) NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-5709 CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...) NOT-FOR-US: D-Link CVE-2018-5707

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/455e2639e133ecf6364e1031532b2f1da668f9da
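Review bot: The [wheezy] entry under CVE-2018-5709 still reads "<no-dsa> (Minor issue, according to Red Hat this is not a bug)", so the triage rationale keeps relying on the Red Hat NOTABUG assessment that the commit message says should not be followed without clarification from upstream and the maintainers. With the bugzilla NOTE removed, that remark also loses its only pointer to where the Red Hat statement was made. Consider rewording the no-dsa reason so it stands on its own (for example just "Minor issue"), or keep a NOTE that records the Red Hat position as disputed rather than dropping the reference entirely. The message also mentions two krb5 CVEs while this hunk touches only one entry; a NOTE on each affected entry saying that discussion with the maintainers is pending would make the tracker state self-explanatory.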
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
