[Git][security-tracker-team/security-tracker][master] 3 commits: Jessie not affected by CVE-2017-15400

Thorsten Alteholz Tue, 29 May 2018 06:56:34 -0700

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2c75a16d by Thorsten Alteholz at 2018-05-29T15:51:12+02:00
Jessie not affected by CVE-2017-15400

- - - - -
b5018173 by Thorsten Alteholz at 2018-05-29T15:52:18+02:00
follow security with no-dsa for CVE-2018-5729 and CVE-2018-5730

- - - - -
4a453fab by Thorsten Alteholz at 2018-05-29T15:52:44+02:00
krb5 is no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15827,11 +15827,13 @@ CVE-2018-5730 (MIT krb5 1.6 or later allows an 
authenticated kadmin with permiss
        - krb5 <unfixed> (bug #891869)
        [stretch] - krb5 <no-dsa> (Minor issue)
        [jessie] - krb5 <no-dsa> (Minor issue)
+       [wheezy] - krb5 <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
 CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with 
permission ...)
        - krb5 <unfixed> (bug #891869)
        [stretch] - krb5 <no-dsa> (Minor issue)
        [jessie] - krb5 <no-dsa> (Minor issue)
+       [wheezy] - krb5 <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
 CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to ...)
        NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
@@ -36839,6 +36841,7 @@ CVE-2017-15401
        RESERVED
 CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google 
Chrome OS ...)
        - cups 2.2.3-2
+       [jessie] - cups <not-affected> (Vulnerable code not present, 
ppdCreateFromIPP() introduced in v2.2.0)
        [wheezy] - cups <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=777215
        NOTE: Patches from upstream to restrict what filters will be accpeted


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -19,11 +19,6 @@ firefox-esr (Emilio Pozuelo)
   NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 
goes EOL.
   NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need 
some work.
 --
-krb5 (Thorsten Alteholz)
-  NOTE: 20180131: lts-do-not-call
-  NOTE: 20180411: Details not public yet. Security team in contact with  
upstream. (anarcat)
-  NOTE: 20180411: See also 
https://lists.debian.org/msgid-search/20180208212643.GB7792@pisco.westfalen.local
 (anarcat)
---
 lame (Hugo Lefeuvre)
   NOTE: 20180515: Patch available and tested. Will coordinate with Fabian to 
provide Wheezy and Jessie uploads for the next Jessie point release.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ed8742f39e4aafa3d40eeffa695975355056103c...4a453fab3a0f2b6a292c4aa127ef4ac894fa8a1f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ed8742f39e4aafa3d40eeffa695975355056103c...4a453fab3a0f2b6a292c4aa127ef4ac894fa8a1f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: Jessie not affected by CVE-2017-15400

Reply via email to