Christoph Berg pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7300d23e by Christoph Berg at 2018-05-10T17:26:38+02:00
Add details for CVE-2018-1115
No DSA needed, the issue is minor (non-default configuration, and the
only impact is that users can rotate the log file)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26728,8 +26728,15 @@ CVE-2018-1117
RESERVED
CVE-2018-1116
RESERVED
-CVE-2018-1115
- RESERVED
+CVE-2018-1115 [public execution privileges on pg_rotate_logfile() in adminpack
extension]
+ - postgresql-10 10.4-1
+ - postgresql-9.6 <removed>
+ [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
+ - postgresql-9.4 <removed>
+ [jessie] - postgresql-9.4 <not-affected> (Code not present)
+ - postgresql-9.1 <removed>
+ [jessie] - postgresql-9.1 <not-affected> (Code not present)
+ [wheezy] - postgresql-9.1 <not-affected> (Code not present)
CVE-2018-1114 [File descriptor leak caused by
JarURLConnection.getLastModified() allows attacker to cause a denial of service]
RESERVED
- undertow 1.4.25-1 (bug #897247)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7300d23e06846e4638aa870f5f1daffaafd4798e
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7300d23e06846e4638aa870f5f1daffaafd4798e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
