[Git][security-tracker-team/security-tracker][master] libzypp fixed

Moritz Muehlenhoff Tue, 29 May 2018 06:07:57 -0700

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ed8742f3 by Moritz Muehlenhoff at 2018-05-29T15:06:52+02:00
libzypp fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -55476,7 +55476,7 @@ CVE-2017-9271 (The commandline package update tool 
zypper writes HTTP proxy ...)
 CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send 
RPC ...)
        NOT-FOR-US: SuSE cryptctl
 CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM 
repositories ...)
-       - libzypp <unfixed> (bug #899065)
+       - libzypp 17.3.1-1 (bug #899065)
        [jessie] - libzypp <ignored> (Minor issue)
 CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and 
rebuild ...)
        - open-build-service <unfixed> (low)
@@ -61481,10 +61481,10 @@ CVE-2017-7438 (NetIQ Privileged Account Manager 
before 3.1 Patch Update 3 allowe
 CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 
allowed ...)
        NOT-FOR-US: NetIQ Privileged Account Manager
 CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned 
...)
-       - libzypp <unfixed> (bug #899065)
+       - libzypp 17.3.1-1 (bug #899065)
        [jessie] - libzypp <ignored> (Minor issue)
 CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM 
...)
-       - libzypp <unfixed> (bug #899065)
+       - libzypp 17.3.1-1 (bug #899065)
        [jessie] - libzypp <ignored> (Minor issue)
 CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending 
out ...)
        NOT-FOR-US: NetIQ Identity Manager
@@ -173791,7 +173791,7 @@ CVE-2013-3706 (Directory traversal vulnerability in 
the PreBoot service in Novel
 CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before 
IR5 on ...)
        NOT-FOR-US: Novell Client
 CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 
and ...)
-       NOT-FOR-US: libzypp
+       - libzypp <not-affected> (Fixed before initial upload)
 CVE-2013-3703
        RESERVED
        NOT-FOR-US: Open Build Service



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed8742f39e4aafa3d40eeffa695975355056103c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed8742f39e4aafa3d40eeffa695975355056103c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] libzypp fixed

Reply via email to